Defining the Setting's allowed entries

With the Schema Settings module, you can retrieve the settings from the site (stored in table wp_options), by querying field option:

{
optionValue(name: "home")
}

For security reasons, which options can be queried must be explicitly configured.

By default, only the following options can be queried:

  • "siteurl"
  • "home"
  • "blogname"
  • "blogdescription"
  • "WPLANG"
  • "posts_per_page"
  • "date_format"
  • "time_format"
  • "blog_charset"

Settings response permalink

When executing field option, if access to the option name is not allowed in the Settings page, the query returns an error.

For instance, executing this query:

{
optionValue(name: "nonExistentOption")
}

Returns:

{
"errors": [
{
"message": "There is no option with name 'nonExistentOption'",
"extensions": {
"type": "Root",
"id": "root",
"field": "optionValue(name:\"nonExistentOption\")"
}
}
],
"data": {
"option": null
}
}

Otherwise, the response is the value for the settings with the specified name.

Configuring the allowed options permalink

In the "Schema Settings" tab from the Settings, we must configure the list of options that can be queried via option.

Each entry can either be:

  • A regex (regular expression), if it's surrounded by /, or
  • The full option name, otherwise

For instance, both entries siteurl and /site.*/ match option name "siteurl".

Defining the entries for the Settings
Defining the entries for the Settings

There are 2 behaviors, "Allow access" and "Deny access":

๐Ÿ‘‰๐Ÿฝ Allow access: only the configured entries can be accessed, and no other can
๐Ÿ‘‰๐Ÿฝ Deny access: the configured entries cannot be accessed, all other entries can

Defining the access behavior
Defining the access behavior