From ed3966e5771f183a42e9559ff19c2e762c1f5ccc Mon Sep 17 00:00:00 2001
From: Lukasz Raczylo
Date: Fri, 6 Dec 2024 11:58:34 +0000
Subject: [PATCH] If the field is allowed, continue checking remaining fields.
---
 graphql.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/graphql.go b/graphql.go
index 8a8396a..f23f91c 100644
--- a/graphql.go
+++ b/graphql.go
@@ -177,12 +177,18 @@ func checkSelections(c *fiber.Ctx, selections []ast.Selection) bool {
 fieldName := strings.ToLower(sel.Name.Value)
 if _, exists := introspectionQueries[fieldName]; exists {
 if len(cfg.Security.IntrospectionAllowed) > 0 {
- if _, allowed := introspectionAllowedQueries[fieldName]; !allowed {
- return true
+ // If this field is allowed, don't block and continue checking other fields
+ if _, allowed := introspectionAllowedQueries[fieldName]; allowed {
+ if sel.SelectionSet != nil {
+ if checkSelections(c, sel.GetSelectionSet().Selections) {
+ return true
+ }
+ }
+ continue
 }
- } else {
 return true
 }
+ return true
 }
 if sel.SelectionSet != nil {
 if checkSelections(c, sel.GetSelectionSet().Selections) {
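Review bot: The allowed branch repeats the nested-selection recursion that already follows the `exists` block (`if sel.SelectionSet != nil { if checkSelections(...) ... }`), so the blocking logic for child fields now lives in two places that must stay in step. The inner `return true` after the allowed branch is redundant, since the added `return true` one level out is reached either way; dropping it leaves a single deny path for every introspection field that is not explicitly allowed. The patch touches only graphql.go, so a table test would pin the behaviour the subject line describes: one case with an allowed introspection field followed by a disallowed one in the same selection set, and one with a disallowed field nested under an allowed one. checkSelections starts and ends outside this hunk, so whether `continue` skips any later per-field logic cannot be confirmed from here.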