WPGraphQL

Tag: Queries

  • Allow login mutation to be public when the endpoint is fully restricted

    If you’ve configured your WPGraphQL settings to “Limit the execution of GraphQL operations to authenticated requests”, this will block all root operations unless the user making the request is already authenticated.

    If you’re using a GraphQL mutation to authenticate, such as the one provided by WPGraphQL JWT Authentication, you might want to allow the login mutation to still be executable by public users, even if the rest of the API is restricted.

    This snippet allows you to “allow” the login mutation when all other root operations are restricted. 

    add_filter( 
  'graphql_require_authentication_allowed_fields', 
  function( $allowed ) {
	$allowed[] = 'login';
	return $allowed;
}, 10, 1 );

  • Query the Homepage

    In WordPress, the homepage can be a Page or an archive of posts of the Post post_type (which is represented by WPGraphQL as a “ContentType” node).

    This query allows you to query the homepage, and specify what data you want in response if the homepage is a page, or if the homepage is a ContentType node. 

    {
  nodeByUri(uri: "/") {
    __typename
    ... on ContentType {
      id
      name
    }
    ... on Page {
      id
      title
    }
  }
}

    If the homepage were set to a Page, like so:

    Then a Page would be returned in the Query Results, like so:

    But if the homepage were set to be the Posts page:

    Then the results would return a ContentType node, like so:

  • Using GraphQL Fragments in PHP

    You can execute GraphQL queries in PHP. In this case, we even show using a GraphQL Fragment.

    add_action( 'init', function() {

	$results = graphql([
		'query' => '
		{
		  posts {
		    nodes {
		      ...PostFields
		    }
		  }
		}
		fragment PostFields on Post {
		  id
		  title
		}
		',
	]);

	var_dump( $results );
	die();

} );

    Executing this code leads to the following output:

    PHP output of executing Graphql

    Additionally, if you were to define your fragment in another file, such as the file that is rendering the data, you can define fragments as variables and concatenate them like so:

    $fragment = '
  fragment PostFields on Post {
    id
    title
}
';

$results = graphql([
  'query' => '
    {
      posts {
        nodes {
	  ...PostFields
	}
      }
    }
  ' . $fragment ,
]);

  • Filter to add restricted field on Model

    Labels on Post Types are not publicly exposed by WordPress. They are attributes for use in the Admin, and are treated with respect to proper access to the admin.

    To see the labels, the user requesting them must be authenticated.

    When a user requesting a PostType, these are the following fields that are by default allowed to be viewed by a public request: https://github.com/wp-graphql/wp-graphql/blob/develop/src/Model/PostType.php#L59

    You can use the graphql_allowed_fields_on_restricted_type filter to expose more fields publicly if you chose to do so: https://github.com/wp-graphql/wp-graphql/blob/develop/src/Model/Model.php#L292

    add_filter( 'graphql_allowed_fields_on_restricted_type', function( $fields, $model_name, $data, $visibility, $owner, $current_user ) {
	if ( 'PostTypeObject' === $model_name ) {
		$fields[] = 'label';
	}
	return $fields;
}, 10, 6 );

    Before adding the filter:

    Restricted field before adding filter

    After adding the filter:

    Restricted field after adding filter

    Github Issue: https://github.com/wp-graphql/wp-graphql/issues/1304#issuecomment-626836656