activeadmin-graphql 0.1.0

data/lib/active_admin/graphql/schema_builder/mutation_update_destroy.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module MutationUpdateDestroy
+        private
+
+        def mutation_update_field(sb, ns, aa_res, model, type_c)
+          fname = "update_#{aa_res.resource_name.route_key.singularize.tr("-", "_")}"
+          find_type = @find_input_types[model]
+          update_input = @update_input_types[model]
+
+          proc do
+            field fname.to_sym, type_c, null: true, camelize: false,
+              visibility: {kind: :mutation_update, graphql_type_name: sb.send(:graphql_type_name_for, aa_res), resource: aa_res},
+              description: "Update #{model.name}" do
+              argument :where, find_type, required: true, camelize: false
+              argument :input, update_input, required: true, camelize: false
+            end
+
+            define_method(fname.to_sym) do |where:, input:, **|
+              auth = context[:auth]
+              blob = where.to_h.stringify_keys
+              graph = sb.graph_params_from_find_blob(aa_res, blob)
+              begin
+                rid = ActiveAdmin::PrimaryKey.member_param_hash(model, blob)
+              rescue ArgumentError => e
+                raise ::GraphQL::ExecutionError, e.message
+              end
+
+              proxy = ResourceQueryProxy.new(
+                aa_resource: aa_res,
+                user: auth.user,
+                namespace: ns,
+                graph_params: graph
+              )
+              record = proxy.find_member(rid)
+              raise ::GraphQL::ExecutionError, "not found" unless record
+
+              unless auth.authorized?(aa_res, ActiveAdmin::Authorization::UPDATE, record)
+                raise ::GraphQL::ExecutionError, "not authorized to update this record"
+              end
+
+              attrs = sb.assignable_slice_from_input(aa_res, input)
+              record = if (hook = aa_res.graphql_config.resolve_update_proc)
+                hook.call(
+                  proxy: proxy,
+                  input: input,
+                  attributes: attrs,
+                  record: record,
+                  context: context,
+                  auth: auth,
+                  aa_resource: aa_res
+                )
+              else
+                attrs = attrs.stringify_keys.slice(*aa_res.graphql_assignable_attribute_names)
+                unless record.update(attrs)
+                  raise ::GraphQL::ExecutionError, record.errors.full_messages.to_sentence
+                end
+                record
+              end
+              record
+            end
+          end
+        end
+
+        def mutation_destroy_field(sb, ns, aa_res, model)
+          fname = "delete_#{aa_res.resource_name.route_key.singularize.tr("-", "_")}"
+          find_type = @find_input_types[model]
+
+          proc do
+            field fname.to_sym, ::GraphQL::Types::Boolean, null: false, camelize: false,
+              visibility: {kind: :mutation_delete, graphql_type_name: sb.send(:graphql_type_name_for, aa_res), resource: aa_res},
+              description: "Delete #{model.name}" do
+              argument :where, find_type, required: true, camelize: false
+            end
+
+            define_method(fname.to_sym) do |where:, **|
+              auth = context[:auth]
+              blob = where.to_h.stringify_keys
+              graph = sb.graph_params_from_find_blob(aa_res, blob)
+              begin
+                rid = ActiveAdmin::PrimaryKey.member_param_hash(model, blob)
+              rescue ArgumentError => e
+                raise ::GraphQL::ExecutionError, e.message
+              end
+
+              proxy = ResourceQueryProxy.new(
+                aa_resource: aa_res,
+                user: auth.user,
+                namespace: ns,
+                graph_params: graph
+              )
+              record = proxy.find_member(rid)
+              raise ::GraphQL::ExecutionError, "not found" unless record
+
+              unless auth.authorized?(aa_res, ActiveAdmin::Authorization::DESTROY, record)
+                raise ::GraphQL::ExecutionError, "not authorized to destroy this record"
+              end
+
+              if (hook = aa_res.graphql_config.resolve_destroy_proc)
+                hook.call(
+                  proxy: proxy,
+                  record: record,
+                  context: context,
+                  auth: auth,
+                  aa_resource: aa_res
+                )
+              else
+                record.destroy!
+              end
+              true
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_admin/graphql/schema_builder/query_type.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module QueryType
+        include QueryTypeRegistered
+        include QueryTypeCollection
+        include QueryTypeMember
+        include QueryTypePages
+
+        def build_query_type(registered_resource_union:)
+          builder = self
+          ns = @namespace
+          aa_by_model = @aa_by_model
+          object_types = @object_types
+          aa_by_graphql_type_name = @aa_by_graphql_type_name
+          list_filter_input_types = @list_filter_input_types
+          find_input_types = @find_input_types
+
+          Class.new(::GraphQL::Schema::Object) do
+            field_class ::ActiveAdmin::GraphQL::SchemaField
+
+            graphql_name "Query"
+            description "ActiveAdmin GraphQL API (#{ns.name})"
+
+            if registered_resource_union
+              builder.add_registered_resource_query_field!(
+                self,
+                builder: builder,
+                ns: ns,
+                registered_resource_union: registered_resource_union,
+                aa_by_graphql_type_name: aa_by_graphql_type_name
+              )
+            end
+
+            builder.add_model_query_fields!(
+              self,
+              builder: builder,
+              ns: ns,
+              aa_by_model: aa_by_model,
+              object_types: object_types,
+              list_filter_input_types: list_filter_input_types,
+              find_input_types: find_input_types
+            )
+
+            builder.add_page_query_fields!(self, builder: builder, ns: ns)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_admin/graphql/schema_builder/query_type_collection.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module QueryTypeCollection
+        def add_model_query_fields!(query_class, builder:, ns:, aa_by_model:, object_types:,
+          list_filter_input_types:, find_input_types:)
+          aa_by_model.each do |model, aa_res|
+            builder.define_query_collection_field!(
+              query_class, model, aa_res, builder, ns, object_types, list_filter_input_types
+            )
+            builder.define_query_member_field!(
+              query_class, model, aa_res, builder, ns, object_types, find_input_types
+            )
+          end
+        end
+
+        def define_query_collection_field!(query_class, model, aa_res, builder, ns, object_types,
+          list_filter_input_types)
+          plural_route = aa_res.resource_name.route_key.tr("-", "_")
+          type_gn = builder.send(:graphql_type_name_for, aa_res)
+          filter_type = list_filter_input_types[model]
+          type_c = object_types[model]
+          return unless type_c
+
+          query_class.class_eval do
+            field plural_route.to_sym, type_c.connection_type, null: false, connection: true, camelize: false,
+              visibility: {
+                kind: :query_collection_field,
+                graphql_type_name: type_gn,
+                field_name: plural_route,
+                resource: aa_res
+              },
+              description: "Paginated list of #{model.name} (#{aa_res.resource_name.human}); " \
+                "pass +filter+ or legacy +q+ / +scope+ / +order+ (Ransack +q+ matches the JSON index param). " \
+                "Nested resources require the parent foreign key (same as REST route params)." do
+              argument :filter, filter_type, required: false, camelize: false
+              argument :scope, ::GraphQL::Types::String, required: false, camelize: false
+              argument :q, ::GraphQL::Types::JSON, required: false, camelize: false
+              argument :order, ::GraphQL::Types::String, required: false, camelize: false
+              if (btc = aa_res.belongs_to_config)
+                argument btc.to_param.to_sym, ::GraphQL::Types::ID, required: btc.required?, camelize: false
+              end
+            end
+
+            define_method(plural_route.to_sym) do |filter: nil, scope: nil, q: nil, order: nil, **kw|
+              auth = context[:auth]
+              unless auth.authorized?(aa_res, ActiveAdmin::Authorization::READ, model)
+                raise ::GraphQL::ExecutionError, "not authorized to read #{model.name}"
+              end
+
+              graph_params = builder.list_graph_params(
+                aa_res,
+                filter: filter,
+                scope: scope,
+                q: q,
+                order: order,
+                **kw
+              )
+              proxy = ResourceQueryProxy.new(
+                aa_resource: aa_res,
+                user: auth.user,
+                namespace: ns,
+                graph_params: graph_params
+              )
+              builder.graphql_resolve_index(
+                aa_res,
+                proxy: proxy,
+                context: context,
+                graph_params: graph_params,
+                filter: filter,
+                scope: scope,
+                q: q,
+                order: order,
+                **kw
+              )
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_admin/graphql/schema_builder/query_type_member.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module QueryTypeMember
+        def define_query_member_field!(query_class, model, aa_res, builder, ns, object_types, find_input_types)
+          singular = aa_res.resource_name.route_key.singularize.camelize(:lower)
+          type_gn = builder.send(:graphql_type_name_for, aa_res)
+          find_type = find_input_types[model]
+          type_c = object_types[model]
+          return unless type_c
+
+          query_class.class_eval do
+            field singular.to_sym, type_c, null: true, camelize: false,
+              visibility: {
+                kind: :query_member_field,
+                graphql_type_name: type_gn,
+                field_name: singular,
+                resource: aa_res
+              },
+              description: "Find #{model.name} by id (same scoping chain as REST +show+). Use +where+ or legacy +id+." do
+              argument :where, find_type, required: false, camelize: false
+              if ActiveAdmin::PrimaryKey.composite?(model)
+                argument :id, ::GraphQL::Types::ID, required: false, camelize: false,
+                  description: "JSON object string with all primary keys, or use per-key arguments"
+              else
+                argument :id, ::GraphQL::Types::ID, required: false, camelize: false
+              end
+              if ActiveAdmin::PrimaryKey.composite?(model)
+                ActiveAdmin::PrimaryKey.ordered_columns(model).each do |col|
+                  coldef = model.columns_hash[col]
+                  next unless coldef
+
+                  gql_t = builder.send(:graphql_scalar_for_column, aa_res, model, coldef)
+                  argument col.to_sym, gql_t, required: false, camelize: false
+                end
+              end
+              if (btc = aa_res.belongs_to_config)
+                argument btc.to_param.to_sym, ::GraphQL::Types::ID, required: false, camelize: false
+              end
+            end
+
+            define_method(singular.to_sym) do |where: nil, id: nil, **kw|
+              auth = context[:auth]
+              unless auth.authorized?(aa_res, ActiveAdmin::Authorization::READ, model)
+                raise ::GraphQL::ExecutionError, "not authorized to read #{model.name}"
+              end
+
+              begin
+                if where
+                  blob = where.to_h.stringify_keys
+                  graph = builder.graph_params_from_find_blob(aa_res, blob)
+                  rid = ActiveAdmin::PrimaryKey.member_param_hash(model, blob)
+                else
+                  graph = builder.graph_params_for_mutation(aa_res, kw)
+                  rid = ActiveAdmin::PrimaryKey.field_kw_to_param_hash(model, id: id, **kw)
+                end
+              rescue ArgumentError => e
+                raise ::GraphQL::ExecutionError, e.message
+              end
+
+              proxy = ResourceQueryProxy.new(
+                aa_resource: aa_res,
+                user: auth.user,
+                namespace: ns,
+                graph_params: graph
+              )
+              record = builder.graphql_resolve_show(
+                aa_res,
+                proxy: proxy,
+                context: context,
+                id: rid,
+                graph_params: graph,
+                where: where,
+                id_argument: id
+              )
+              return nil unless record
+
+              unless auth.authorized?(aa_res, ActiveAdmin::Authorization::READ, record)
+                raise ::GraphQL::ExecutionError, "not authorized to read this record"
+              end
+
+              record
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_admin/graphql/schema_builder/query_type_pages.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module QueryTypePages
+        def add_page_query_fields!(query_class, builder:, ns:)
+          ns.resources.each do |page|
+            next unless page.is_a?(ActiveAdmin::Page)
+
+            page.graphql_fields.each do |spec|
+              fname = spec[:name].to_sym
+              gql_t = spec[:type]
+              null = spec[:null]
+              desc = spec[:description]
+              resolver = spec[:resolver]
+
+              if gql_t.nil?
+                raise ArgumentError,
+                  "graphql_field :#{spec[:name]} on page #{page.name.inspect} requires a GraphQL type"
+              end
+
+              kwargs = {null: null, camelize: false, visibility: {kind: :query_page_field, field_name: fname.to_s, page: page}}
+              kwargs[:description] = desc if desc
+              query_class.class_eval do
+                field fname, gql_t, **kwargs
+
+                define_method(fname) do
+                  auth = context[:auth]
+                  unless auth.authorized?(page, ActiveAdmin::Authorization::READ, page)
+                    raise ::GraphQL::ExecutionError, "not authorized for page field #{spec[:name]}"
+                  end
+                  raise ::GraphQL::ExecutionError, "graphql_field :#{spec[:name]} needs a resolver block" unless resolver
+
+                  instance_exec(auth.user, context, &resolver)
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_admin/graphql/schema_builder/query_type_registered.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module QueryTypeRegistered
+        def add_registered_resource_query_field!(query_class, builder:, ns:, registered_resource_union:,
+          aa_by_graphql_type_name:)
+          query_class.class_eval do
+            field :registered_resource, registered_resource_union, null: true, camelize: false,
+              visibility: {kind: :query_registered_resource},
+              description: "Load any registered resource by GraphQL type name (+type_name+), " \
+                    "mirroring singular resource queries. Use +path+ for nested belongs_to route params." do
+              argument :type_name, ::GraphQL::Types::String, required: true, camelize: false
+              argument :id, ::GraphQL::Types::ID, required: true, camelize: false
+              argument :path, [KeyValuePairInput], required: false, camelize: false,
+                description: "Parent route params as flat key/value pairs (same keys as nested REST segments)."
+            end
+
+            define_method(:registered_resource) do |type_name:, id:, path: nil|
+              aa_res = aa_by_graphql_type_name[type_name.to_s]
+              raise ::GraphQL::ExecutionError, "unknown resource type_name #{type_name.inspect}" unless aa_res
+
+              model = aa_res.resource_class
+              auth = context[:auth]
+              unless auth.authorized?(aa_res, ActiveAdmin::Authorization::READ, model)
+                raise ::GraphQL::ExecutionError, "not authorized to read #{model.name}"
+              end
+
+              graph_params = KeyValuePairs.to_hash(path)
+              proxy = ResourceQueryProxy.new(
+                aa_resource: aa_res,
+                user: auth.user,
+                namespace: ns,
+                graph_params: graph_params
+              )
+              record = builder.graphql_resolve_show(
+                aa_res,
+                proxy: proxy,
+                context: context,
+                id: id,
+                graph_params: graph_params
+              )
+              return nil unless record
+
+              unless auth.authorized?(aa_res, ActiveAdmin::Authorization::READ, record)
+                raise ::GraphQL::ExecutionError, "not authorized to read this record"
+              end
+
+              record
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_admin/graphql/schema_builder/resolvers.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module Resolvers
+        def mutation_extra_keyword_params(aa_res, kw)
+          skip =
+            if (btc = aa_res.belongs_to_config)
+              [btc.to_param.to_s]
+            else
+              []
+            end
+          kw.each_with_object({}) do |(key, val), h|
+            ks = key.to_s
+            next if skip.include?(ks)
+
+            h[ks] = val
+          end
+        end
+
+        def graphql_resolve_index(aa_res, proxy:, context:, graph_params:, **field_kwargs)
+          proc_ = aa_res.graphql_config.resolve_index_proc
+          base_kwargs = {graph_params: graph_params}.merge(field_kwargs)
+          if proc_
+            proc_.call(proxy: proxy, context: context, aa_resource: aa_res, auth: context[:auth], **base_kwargs)
+          else
+            proxy.relation_for_index
+          end
+        end
+
+        def graphql_resolve_show(aa_res, proxy:, context:, id:, graph_params:, **field_kwargs)
+          proc_ = aa_res.graphql_config.resolve_show_proc
+          base_kwargs = {id: id, graph_params: graph_params}.merge(field_kwargs)
+          if proc_
+            proc_.call(proxy: proxy, context: context, aa_resource: aa_res, auth: context[:auth], **base_kwargs)
+          else
+            proxy.find_member(id)
+          end
+        end
+
+        def graphql_resolve_batch_action(aa_res, proxy:, context:, batch_action:, ids:, inputs:)
+          inputs_h = coerce_action_param_map(inputs)
+          if (p = aa_res.graphql_config.batch_run_action.resolve_proc)
+            p.call(
+              proxy: proxy,
+              context: context,
+              aa_resource: aa_res,
+              auth: context[:auth],
+              batch_action: batch_action,
+              ids: ids,
+              inputs: inputs_h
+            )
+          else
+            proxy.run_batch_action(batch_action, ids, inputs: inputs_h)
+          end
+        end
+
+        def graphql_resolve_member_action(aa_res, proxy:, context:, action:, id:, params: nil, **kw)
+          extras = mutation_extra_keyword_params(aa_res, kw)
+          params_h = coerce_action_param_map(params).merge(extras.transform_keys(&:to_s))
+          per = aa_res.graphql_config.member_action_mutations[action.to_s]
+          resolve = per&.resolve_proc || aa_res.graphql_config.member_run_action.resolve_proc
+          if resolve
+            resolve.call(
+              proxy: proxy,
+              context: context,
+              aa_resource: aa_res,
+              auth: context[:auth],
+              action: action,
+              id: id,
+              params: params_h,
+              **extras
+            )
+          else
+            proxy.run_member_action(action, id, extra_params: params_h)
+          end
+        end
+
+        def graphql_resolve_collection_action(aa_res, proxy:, context:, action:, params: nil, **kw)
+          extras = mutation_extra_keyword_params(aa_res, kw)
+          params_h = coerce_action_param_map(params).merge(extras.transform_keys(&:to_s))
+          per = aa_res.graphql_config.collection_action_mutations[action.to_s]
+          resolve = per&.resolve_proc || aa_res.graphql_config.collection_run_action.resolve_proc
+          if resolve
+            resolve.call(
+              proxy: proxy,
+              context: context,
+              aa_resource: aa_res,
+              auth: context[:auth],
+              action: action,
+              params: params_h,
+              **extras
+            )
+          else
+            proxy.run_collection_action(action, extra_params: params_h)
+          end
+        end
+
+        def coerce_action_param_map(value)
+          return {} if value.nil?
+          return KeyValuePairs.to_hash(value) if value.is_a?(Array)
+
+          h = value.respond_to?(:to_unsafe_h) ? value.to_unsafe_h : value.to_h
+          h.stringify_keys
+        end
+
+        public :graphql_resolve_index,
+          :graphql_resolve_show,
+          :graphql_resolve_batch_action,
+          :graphql_resolve_member_action,
+          :graphql_resolve_collection_action
+      end
+    end
+  end
+end

data/lib/active_admin/graphql/schema_builder/resources.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module ActiveAdmin
+  module GraphQL
+    class SchemaBuilder
+      module Resources
+        private
+
+        def namespace_resources
+          @namespace.resources.select { |r| r.is_a?(ActiveAdmin::Resource) }
+        end
+
+        def active_resources
+          namespace_resources.select do |r|
+            next false if r.graphql_config.disabled?
+            next false unless r.resource_class < ActiveRecord::Base
+
+            true
+          end
+        end
+
+        def graphql_type_name_for(aa_res)
+          aa_res.graphql_config.graphql_type_name.presence ||
+            aa_res.resource_class.name.delete_prefix("::").gsub("::", "__")
+        end
+
+        def attributes_for(aa_res)
+          aa_res.attributes_for_graphql
+        end
+
+        def configure_schema_plugins(schema)
+          if (c = @namespace.graphql_max_complexity)
+            schema.max_complexity(c)
+          end
+          if (d = @namespace.graphql_max_depth)
+            schema.max_depth(d)
+          end
+          if (ps = @namespace.graphql_default_page_size)
+            schema.default_page_size(ps)
+          end
+          if (mps = @namespace.graphql_default_max_page_size)
+            schema.default_max_page_size(mps)
+          end
+        end
+      end
+    end
+  end
+end