in src/main/scala/middleware/FieldPermissions.scala [24:39]
override def beforeField(queryVal: Unit, mctx: MiddlewareQueryContext[GQLQueryContext, _, _], ctx: Context[GQLQueryContext, _]): BeforeFieldResult[GQLQueryContext, FieldVal] = {
import com.gu.contentapi.porter.graphql.permissions
val maybeRestriction = ctx.field.tags.collectFirst { case permissions.Restricted(tier) => tier }
maybeRestriction match {
case Some(restriction)=>
if(ctx.ctx.userTier < restriction) {
logger.info(s"denying access to ${ctx.field.name} because it is restricted to $restriction and user is ${ctx.ctx.userTier}")
throw Errors.PermissionDenied("This field is not permitted for your user tier")
} else {
continue
}
case None=>
continue
}
}