GraphQL APIs need authorization rules that prevent traversal attacks and granular rules to determine if a Viewer has access to a field.
I'm a developer. I spend most of my time coding features for stakeholders and other developers. Some part of the day is spent challenging and filtering feature requests too.
I have never felt what it's like to be an end user of a product, have a thought about improving it, submit a feature request, defend / clarify the idea and then finally see it implemented.
Well today, I just experienced it and I have to say it's almost euphoric.
The learning from this: Now I know how much joy a developer creates, especially when the feature is fleshed out over a meaningful discussion.
So go challenge that business stakeholder and build something nice =)
Nicked the screenshots from the issue as a souvenir.