graphql 1.12.16 → 1.12.20

data/lib/graphql/schema/field.rb

@@ -122,6 +122,9 @@ module GraphQL
           else
             kwargs[:type] = type
           end
+          if type.is_a?(Class) && type < GraphQL::Schema::Mutation
+            raise ArgumentError, "Use `field #{name.inspect}, mutation: Mutation, ...` to provide a mutation to this field instead"
+          end
         end
         new(**kwargs, &block)
       end
@@ -510,6 +513,7 @@ module GraphQL
         field_defn
       end
 
+      class MissingReturnTypeError < GraphQL::Error; end
       attr_writer :type
 
       def type
@@ -517,14 +521,21 @@ module GraphQL
           Member::BuildType.parse_type(@function.type, null: false)
         elsif @field
           Member::BuildType.parse_type(@field.type, null: false)
+        elsif @return_type_expr.nil?
+          # Not enough info to determine type
+          message = "Can't determine the return type for #{self.path}"
+          if @resolver_class
+            message += " (it has `resolver: #{@resolver_class}`, consider configuration a `type ...` for that class)"
+          end
+          raise MissingReturnTypeError, message
         else
           Member::BuildType.parse_type(@return_type_expr, null: @return_type_null)
         end
-      rescue GraphQL::Schema::InvalidDocumentError => err
+      rescue GraphQL::Schema::InvalidDocumentError, MissingReturnTypeError => err
         # Let this propagate up
         raise err
       rescue StandardError => err
-        raise ArgumentError, "Failed to build return type for #{@owner.graphql_name}.#{name} from #{@return_type_expr.inspect}: (#{err.class}) #{err.message}", err.backtrace
+        raise MissingReturnTypeError, "Failed to build return type for #{@owner.graphql_name}.#{name} from #{@return_type_expr.inspect}: (#{err.class}) #{err.message}", err.backtrace
       end
 
       def visible?(context)
@@ -608,8 +619,7 @@ module GraphQL
             if is_authorized
               public_send_field(object, args, ctx)
             else
-              err = GraphQL::UnauthorizedFieldError.new(object: application_object, type: object.class, context: ctx, field: self)
-              ctx.schema.unauthorized_field(err)
+              raise GraphQL::UnauthorizedFieldError.new(object: application_object, type: object.class, context: ctx, field: self)
             end
           end
         rescue GraphQL::UnauthorizedFieldError => err

data/lib/graphql/schema/input_object.rb

@@ -40,11 +40,7 @@ module GraphQL
             # With the interpreter, it's done during `coerce_arguments`
             if loads && !arg_defn.from_resolver? && !context.interpreter?
               value = @ruby_style_hash[ruby_kwargs_key]
-              loaded_value = if arg_defn.type.list?
-                value.map { |val| load_application_object(arg_defn, loads, val, context) }
-              else
-                load_application_object(arg_defn, loads, value, context)
-              end
+              loaded_value = arg_defn.load_and_authorize_value(self, value, context)
               maybe_lazies << context.schema.after_lazy(loaded_value) do |loaded_value|
                 overwrite_argument(ruby_kwargs_key, loaded_value)
               end
@@ -71,11 +67,11 @@ module GraphQL
       end
 
       def prepare
-        if context
-          context.schema.after_any_lazies(@maybe_lazies) do
-            object = context[:current_object]
+        if @context
+          @context.schema.after_any_lazies(@maybe_lazies) do
+            object = @context[:current_object]
             # Pass this object's class with `as` so that messages are rendered correctly from inherited validators
-            Schema::Validator.validate!(self.class.validators, object, context, @ruby_style_hash, as: self.class)
+            Schema::Validator.validate!(self.class.validators, object, @context, @ruby_style_hash, as: self.class)
             self
           end
         else

data/lib/graphql/schema/member/has_arguments.rb

@@ -37,6 +37,40 @@ module GraphQL
           end
           arg_defn = self.argument_class.new(*args, **kwargs, &block)
           add_argument(arg_defn)
+
+          if self.is_a?(Class) && !method_defined?(:"load_#{arg_defn.keyword}")
+            method_owner = if self < GraphQL::Schema::InputObject || self < GraphQL::Schema::Directive
+              "self."
+            elsif self < GraphQL::Schema::Resolver
+              ""
+            else
+              raise "Unexpected argument owner: #{self}"
+            end
+            if loads && arg_defn.type.list?
+              class_eval <<-RUBY, __FILE__, __LINE__ + 1
+              def #{method_owner}load_#{arg_defn.keyword}(values, context = nil)
+                argument = get_argument("#{arg_defn.graphql_name}")
+                (context || self.context).schema.after_lazy(values) do |values2|
+                  GraphQL::Execution::Lazy.all(values2.map { |value| load_application_object(argument, value, context || self.context) })
+                end
+              end
+              RUBY
+            elsif loads
+              class_eval <<-RUBY, __FILE__, __LINE__ + 1
+              def #{method_owner}load_#{arg_defn.keyword}(value, context = nil)
+                argument = get_argument("#{arg_defn.graphql_name}")
+                load_application_object(argument, value, context || self.context)
+              end
+              RUBY
+            else
+              class_eval <<-RUBY, __FILE__, __LINE__ + 1
+              def #{method_owner}load_#{arg_defn.keyword}(value, _context = nil)
+                value
+              end
+              RUBY
+            end
+          end
+          arg_defn
         end
 
         # Register this argument with the class.
@@ -94,54 +128,52 @@ module GraphQL
           arg_defns = self.arguments
           total_args_count = arg_defns.size
 
-          if total_args_count == 0
-            final_args = GraphQL::Execution::Interpreter::Arguments::EMPTY
-            if block_given?
-              block.call(final_args)
-              nil
+          finished_args = nil
+          prepare_finished_args = -> {
+            if total_args_count == 0
+              finished_args = GraphQL::Execution::Interpreter::Arguments::EMPTY
+              if block_given?
+                block.call(finished_args)
+              end
             else
-              final_args
-            end
-          else
-            finished_args = nil
-            argument_values = {}
-            resolved_args_count = 0
-            raised_error = false
-            arg_defns.each do |arg_name, arg_defn|
-              context.dataloader.append_job do
-                begin
-                  arg_defn.coerce_into_values(parent_object, values, context, argument_values)
-                rescue GraphQL::ExecutionError, GraphQL::UnauthorizedError => err
-                  raised_error = true
-                  if block_given?
-                    block.call(err)
-                  else
+              argument_values = {}
+              resolved_args_count = 0
+              raised_error = false
+              arg_defns.each do |arg_name, arg_defn|
+                context.dataloader.append_job do
+                  begin
+                    arg_defn.coerce_into_values(parent_object, values, context, argument_values)
+                  rescue GraphQL::ExecutionError, GraphQL::UnauthorizedError => err
+                    raised_error = true
                     finished_args = err
+                    if block_given?
+                      block.call(finished_args)
+                    end
                   end
-                end
-
-                resolved_args_count += 1
-                if resolved_args_count == total_args_count && !raised_error
-                  finished_args = context.schema.after_any_lazies(argument_values.values) {
-                    GraphQL::Execution::Interpreter::Arguments.new(
-                      argument_values: argument_values,
-                    )
-                  }
 
-                  if block_given?
-                    block.call(finished_args)
+                  resolved_args_count += 1
+                  if resolved_args_count == total_args_count && !raised_error
+                    finished_args = context.schema.after_any_lazies(argument_values.values) {
+                      GraphQL::Execution::Interpreter::Arguments.new(
+                        argument_values: argument_values,
+                      )
+                    }
+                    if block_given?
+                      block.call(finished_args)
+                    end
                   end
                 end
               end
             end
+          }
 
-            if block_given?
-              nil
-            else
-              # This API returns eagerly, gotta run it now
-              context.dataloader.run
-              finished_args
-            end
+          if block_given?
+            prepare_finished_args.call
+            nil
+          else
+            # This API returns eagerly, gotta run it now
+            context.dataloader.run_isolated(&prepare_finished_args)
+            finished_args
           end
         end
 
@@ -186,12 +218,20 @@ module GraphQL
             context.schema.object_from_id(id, context)
           end
 
-          def load_application_object(argument, lookup_as_type, id, context)
+          def load_application_object(argument, id, context)
             # See if any object can be found for this ID
             if id.nil?
               return nil
             end
-            loaded_application_object = object_from_id(lookup_as_type, id, context)
+            object_from_id(argument.loads, id, context)
+          end
+
+          def load_and_authorize_application_object(argument, id, context)
+            loaded_application_object = load_application_object(argument, id, context)
+            authorize_application_object(argument, id, context, loaded_application_object)
+          end
+
+          def authorize_application_object(argument, id, context, loaded_application_object)
             context.schema.after_lazy(loaded_application_object) do |application_object|
               if application_object.nil?
                 err = GraphQL::LoadApplicationObjectFailedError.new(argument: argument, id: id, object: application_object)
@@ -199,9 +239,9 @@ module GraphQL
               end
               # Double-check that the located object is actually of this type
               # (Don't want to allow arbitrary access to objects this way)
-              resolved_application_object_type = context.schema.resolve_type(lookup_as_type, application_object, context)
+              resolved_application_object_type = context.schema.resolve_type(argument.loads, application_object, context)
               context.schema.after_lazy(resolved_application_object_type) do |application_object_type|
-                possible_object_types = context.warden.possible_types(lookup_as_type)
+                possible_object_types = context.warden.possible_types(argument.loads)
                 if !possible_object_types.include?(application_object_type)
                   err = GraphQL::LoadApplicationObjectFailedError.new(argument: argument, id: id, object: application_object)
                   load_application_object_failed(err)
@@ -214,11 +254,17 @@ module GraphQL
                       if authed
                         application_object
                       else
-                        raise GraphQL::UnauthorizedError.new(
+                        err = GraphQL::UnauthorizedError.new(
                           object: application_object,
                           type: class_based_type,
                           context: context,
                         )
+                        if self.respond_to?(:unauthorized_object)
+                          err.set_backtrace(caller)
+                          unauthorized_object(err)
+                        else
+                          raise err
+                        end
                       end
                     end
                   else

data/lib/graphql/schema/resolver.rb

@@ -28,7 +28,7 @@ module GraphQL
       include Schema::Member::HasPath
       extend Schema::Member::HasPath
 
-      # @param object [Object] the initialize object, pass to {Query.initialize} as `root_value`
+      # @param object [Object] The application object that this field is being resolved on
       # @param context [GraphQL::Query::Context]
       # @param field [GraphQL::Schema::Field]
       def initialize(object:, context:, field:)
@@ -40,7 +40,6 @@ module GraphQL
         self.class.arguments.each do |name, arg|
           @arguments_by_keyword[arg.keyword] = arg
         end
-        @arguments_loads_as_type = self.class.arguments_loads_as_type
         @prepared_arguments = nil
       end
 
@@ -110,7 +109,7 @@ module GraphQL
                     public_send(self.class.resolve_method)
                   end
                 else
-                  nil
+                  raise GraphQL::UnauthorizedFieldError.new(context: context, object: object, type: field.owner, field: field)
                 end
               end
             end
@@ -161,6 +160,16 @@ module GraphQL
         end
       end
 
+      # Called when an object loaded by `loads:` fails the `.authorized?` check for its resolved GraphQL object type.
+      #
+      # By default, the error is re-raised and passed along to {{Schema.unauthorized_object}}.
+      #
+      # Any value returned here will be used _instead of_ of the loaded object.
+      # @param err [GraphQL::UnauthorizedError]
+      def unauthorized_object(err)
+        raise err
+      end
+
       private
 
       def load_arguments(args)
@@ -170,18 +179,14 @@ module GraphQL
         args.each do |key, value|
           arg_defn = @arguments_by_keyword[key]
           if arg_defn
-            if value.nil?
-              prepared_args[key] = value
-            else
-              prepped_value = prepared_args[key] = load_argument(key, value)
-              if context.schema.lazy?(prepped_value)
-                prepare_lazies << context.schema.after_lazy(prepped_value) do |finished_prepped_value|
-                  prepared_args[key] = finished_prepped_value
-                end
+            prepped_value = prepared_args[key] = arg_defn.load_and_authorize_value(self, value, context)
+            if context.schema.lazy?(prepped_value)
+              prepare_lazies << context.schema.after_lazy(prepped_value) do |finished_prepped_value|
+                prepared_args[key] = finished_prepped_value
               end
             end
           else
-            # These are `extras: [...]`
+            # these are `extras:`
             prepared_args[key] = value
           end
         end
@@ -194,8 +199,8 @@ module GraphQL
         end
       end
 
-      def load_argument(name, value)
-        public_send("load_#{name}", value)
+      def get_argument(name)
+        self.class.get_argument(name)
       end
 
       class << self
@@ -218,8 +223,10 @@ module GraphQL
           own_extras + (superclass.respond_to?(:extras) ? superclass.extras : [])
         end
 
-        # Specifies whether or not the field is nullable. Defaults to `true`
-        # TODO unify with {#type}
+        # If `true` (default), then the return type for this resolver will be nullable.
+        # If `false`, then the return type is non-null.
+        #
+        # @see #type which sets the return type of this field and accepts a `null:` option
         # @param allow_null [Boolean] Whether or not the response can be null
         def null(allow_null = nil)
           if !allow_null.nil?
@@ -332,47 +339,9 @@ module GraphQL
         # also add some preparation hook methods which will be used for this argument
         # @see {GraphQL::Schema::Argument#initialize} for the signature
         def argument(*args, **kwargs, &block)
-          loads = kwargs[:loads]
           # Use `from_resolver: true` to short-circuit the InputObject's own `loads:` implementation
           # so that we can support `#load_{x}` methods below.
-          arg_defn = super(*args, from_resolver: true, **kwargs)
-          own_arguments_loads_as_type[arg_defn.keyword] = loads if loads
-
-          if !method_defined?(:"load_#{arg_defn.keyword}")
-            if loads && arg_defn.type.list?
-              class_eval <<-RUBY, __FILE__, __LINE__ + 1
-              def load_#{arg_defn.keyword}(values)
-                argument = @arguments_by_keyword[:#{arg_defn.keyword}]
-                lookup_as_type = @arguments_loads_as_type[:#{arg_defn.keyword}]
-                context.schema.after_lazy(values) do |values2|
-                  GraphQL::Execution::Lazy.all(values2.map { |value| load_application_object(argument, lookup_as_type, value, context) })
-                end
-              end
-              RUBY
-            elsif loads
-              class_eval <<-RUBY, __FILE__, __LINE__ + 1
-              def load_#{arg_defn.keyword}(value)
-                argument = @arguments_by_keyword[:#{arg_defn.keyword}]
-                lookup_as_type = @arguments_loads_as_type[:#{arg_defn.keyword}]
-                load_application_object(argument, lookup_as_type, value, context)
-              end
-              RUBY
-            else
-              class_eval <<-RUBY, __FILE__, __LINE__ + 1
-              def load_#{arg_defn.keyword}(value)
-                value
-              end
-              RUBY
-            end
-          end
-
-          arg_defn
-        end
-
-        # @api private
-        def arguments_loads_as_type
-          inherited_lookups = superclass.respond_to?(:arguments_loads_as_type) ? superclass.arguments_loads_as_type : {}
-          inherited_lookups.merge(own_arguments_loads_as_type)
+          super(*args, from_resolver: true, **kwargs)
         end
 
         # Registers new extension
@@ -408,10 +377,6 @@ module GraphQL
         def own_extensions
           @own_extensions
         end
-
-        def own_arguments_loads_as_type
-          @own_arguments_loads_as_type ||= {}
-        end
       end
     end
   end

data/lib/graphql/schema/subscription.rb

@@ -14,7 +14,7 @@ module GraphQL
     class Subscription < GraphQL::Schema::Resolver
       extend GraphQL::Schema::Resolver::HasPayloadType
       extend GraphQL::Schema::Member::HasFields
-
+      NO_UPDATE = :no_update
       # The generated payload type is required; If there's no payload,
       # propagate null.
       null false
@@ -58,11 +58,9 @@ module GraphQL
         end
       end
 
-      # Default implementation returns the root object.
+      # The default implementation returns nothing on subscribe.
       # Override it to return an object or
-      # `:no_response` to return nothing.
-      #
-      # The default is `:no_response`.
+      # `:no_response` to (explicitly) return nothing.
       def subscribe(args = {})
         :no_response
       end
@@ -70,7 +68,7 @@ module GraphQL
       # Wrap the user-provided `#update` hook
       def resolve_update(**args)
         ret_val = args.any? ? update(**args) : update
-        if ret_val == :no_update
+        if ret_val == NO_UPDATE
           context.namespace(:subscriptions)[:no_update] = true
           context.skip
         else
@@ -79,7 +77,7 @@ module GraphQL
       end
 
       # The default implementation returns the root object.
-      # Override it to return `:no_update` if you want to
+      # Override it to return {NO_UPDATE} if you want to
       # skip updates sometimes. Or override it to return a different object.
       def update(args = {})
         object
@@ -124,7 +122,7 @@ module GraphQL
       # In that implementation, only `.trigger` calls with _exact matches_ result in updates to subscribers.
       #
       # To implement a filtered stream-type subscription flow, override this method to return a string with field name and subscription scope.
-      # Then, implement {#update} to compare its arguments to the current `object` and return `:no_update` when an
+      # Then, implement {#update} to compare its arguments to the current `object` and return {NO_UPDATE} when an
       # update should be filtered out.
       #
       # @see {#update} for how to skip updates when an event comes with a matching topic.

data/lib/graphql/schema/validator/allow_blank_validator.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module GraphQL
+  class Schema
+    class Validator
+      # Use this to specifically reject values that respond to `.blank?` and respond truthy for that method.
+      #
+      # @example Require a non-empty string for an argument
+      #   argument :name, String, required: true, validate: { allow_blank: false }
+      class AllowBlankValidator < Validator
+        def initialize(allow_blank_positional, allow_blank: nil, message: "%{validated} can't be blank", **default_options)
+          @message = message
+          super(**default_options)
+          @allow_blank = allow_blank.nil? ? allow_blank_positional : allow_blank
+        end
+
+        def validate(_object, _context, value)
+          if value.respond_to?(:blank?) && value.blank?
+            if (value.nil? && @allow_null) || @allow_blank
+              # pass
+            else
+              @message
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/graphql/schema/validator/allow_null_validator.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module GraphQL
+  class Schema
+    class Validator
+      # Use this to specifically reject or permit `nil` values (given as `null` from GraphQL).
+      #
+      # @example require a non-null value for an argument if it is provided
+      #   argument :name, String, required: false, validates: { allow_null: false }
+      class AllowNullValidator < Validator
+        MESSAGE = "%{validated} can't be null"
+        def initialize(allow_null_positional, allow_null: nil, message: MESSAGE, **default_options)
+          @message = message
+          super(**default_options)
+          @allow_null = allow_null.nil? ? allow_null_positional : allow_null
+        end
+
+        def validate(_object, _context, value)
+          if value.nil? && !@allow_null
+            @message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/graphql/schema/validator/exclusion_validator.rb

@@ -21,7 +21,9 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if @in_list.include?(value)
+          if permitted_empty_value?(value)
+            # pass
+          elsif @in_list.include?(value)
             @message
           end
         end

data/lib/graphql/schema/validator/format_validator.rb

@@ -38,7 +38,8 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if (@with_pattern && !value.match?(@with_pattern)) ||
+          if value.nil? ||
+              (@with_pattern && !value.match?(@with_pattern)) ||
               (@without_pattern && value.match?(@without_pattern))
             @message
           end

data/lib/graphql/schema/validator/inclusion_validator.rb

@@ -23,7 +23,9 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if !@in_list.include?(value)
+          if permitted_empty_value?(value)
+            # pass
+          elsif !@in_list.include?(value)
             @message
           end
         end

data/lib/graphql/schema/validator/length_validator.rb

@@ -43,11 +43,13 @@ module GraphQL
         end
 
         def validate(_object, _context, value)
-          if @maximum && value.length > @maximum
+          return if permitted_empty_value?(value) # pass in this case
+          length = value.nil? ? 0 : value.length
+          if @maximum && length > @maximum
             partial_format(@too_long, { count: @maximum })
-          elsif @minimum && value.length < @minimum
+          elsif @minimum && length < @minimum
             partial_format(@too_short, { count: @minimum })
-          elsif @is && value.length != @is
+          elsif @is && length != @is
             partial_format(@wrong_length, { count: @is })
           end
         end

data/lib/graphql/schema/validator/numericality_validator.rb

@@ -24,13 +24,15 @@ module GraphQL
         # @param other_than [Integer]
         # @param odd [Boolean]
         # @param even [Boolean]
+        # @param within [Range]
         # @param message [String] used for all validation failures
         def initialize(
             greater_than: nil, greater_than_or_equal_to: nil,
             less_than: nil, less_than_or_equal_to: nil,
             equal_to: nil, other_than: nil,
-            odd: nil, even: nil,
+            odd: nil, even: nil, within: nil,
             message: "%{validated} must be %{comparison} %{target}",
+            null_message: Validator::AllowNullValidator::MESSAGE,
             **default_options
           )
 
@@ -42,12 +44,18 @@ module GraphQL
           @other_than = other_than
           @odd = odd
           @even = even
+          @within = within
           @message = message
+          @null_message = null_message
           super(**default_options)
         end
 
         def validate(object, context, value)
-          if @greater_than && value <= @greater_than
+          if permitted_empty_value?(value)
+            # pass in this case
+          elsif value.nil? # @allow_null is handled in the parent class
+            @null_message
+          elsif @greater_than && value <= @greater_than
             partial_format(@message, { comparison: "greater than", target: @greater_than })
           elsif @greater_than_or_equal_to && value < @greater_than_or_equal_to
             partial_format(@message, { comparison: "greater than or equal to", target: @greater_than_or_equal_to })
@@ -63,6 +71,8 @@ module GraphQL
             (partial_format(@message, { comparison: "even", target: "" })).strip
           elsif @odd && !value.odd?
             (partial_format(@message, { comparison: "odd", target: "" })).strip
+          elsif @within && !@within.include?(value)
+            partial_format(@message, { comparison: "within", target: @within })
           end
         end
       end