New cop idea: ensure fields that reference authorized types are null: true

[stevecrozz]

The default graphql-ruby approach to unauthorized objects is to replace them with null. In order for that to work, the field declarations referring to these types must be null: true

Do you think it is possible to create a cop to make sure that all fields that reference types have null: true?

[DmitryTsepelev]

Hey!

We need a way to understand from AST that field has policy. We already do a similar thing for node types using authorized?: https://github.com/DmitryTsepelev/rubocop-graphql/blob/master/lib/rubocop/cop/graphql/not_authorized_node_type.rb.

If there's something on the field level (i.e. field :user, UserType, null: false, policy: UserPolicy) — it should be possible, if it's only in the code — will be way harder