Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

This module provides automatic GraphQL mutations for creating, updating, and deleting any Drupal entity. It integrates with graphql_compose to streamline these CRUD operations without manual schema extensions, while still enforcing Drupal's entity access permissions.

About

Provides generic CRUD mutations for any Drupal entity type in your GraphQL schema.

Extends graphql_compose to enable create, update, and delete operations without writing schema extensions manually.

Basic usage

Enable the module to expose mutations:

mutation createNode {
  genericMutation(
    data: {
      type: "node"
      bundle: "article"
      operation: CREATE
      values: {
        title: "Hello World"
        body: "Content here"
      }
    }
  ) {
    success
    errors
    entity {
      ... on NodeArticle {
        id
        title
      }
    }
  }
}

Query available operations and permissions:

query {
  operationsByEntityType(entity_type: "node") {
    bundle
    create
    update
    delete
  }
  permissions(entity_type: "node", bundle: "article", operation: CREATE)
}

Extend and override

  • Decorate UserPermissions service to customize permission logic
  • Implement custom resolvers for GenericEntityResponse fields
  • Hook into entity events using standard Drupal entity hooks

Example service decoration in my_module.services.yml:

services:
  my_module.user_permissions:
    class: Drupal\my_module\MyCustomPermissions
    decorates: graphql_compose_mutations.user_permissions

Security notice

Permission checks are enforced at the data producer level, not just schema-level. Users must have appropriate Drupal entity permissions (create {bundle} content, edit any {bundle} content, delete any {bundle} content, etc.) for operations to succeed.

Always validate untrusted input and consider adding additional validation layers for public-facing GraphQL endpoints.

Activity

Total releases
2
First release
Jan 2026
Latest release
6 months ago
Releases (12 mo)
2 ▲ from 0
Maintenance
Slowing

Releases

Version Type Release date
1.0.0 Stable Jan 7, 2026
1.0.x-dev Dev Jan 7, 2026