graphql 1.8.3 → 1.8.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9b0ed1ae533e9983c59332bf6ad38dd5db6e2c92
-  data.tar.gz: 928cd4a961b87fdc43ffe2b71bfd34cea0ae0349
+  metadata.gz: 879e9096d14bb82f2c28f57c60d34e66c6706181
+  data.tar.gz: c39e6b2c81303fba7c2dfa1527932af7d8eb9d31
 SHA512:
-  metadata.gz: 1f35a05c996558a3742b79e71e89bb83b5dbc41d432e42d6dd06a9a00c3a616c5d0cb1bd23d80b48b66dff52285866ce614d781fd6abe6c61f64df57f3fa41ce
-  data.tar.gz: 6d3fba06e769adf32bd38f450c5d0d7b21f462e8b93160663c1f1c5f9731e1bf27985b25b20b850e9335be114dc28298f9a6dafd323ffb4d2b5640ae33906f80
+  metadata.gz: 79d69e540d7cb3063ce6fea65286f0e66634edeced066930cbc63de169eb9f2a53412f606aacfbf02e28fccfd11781122e95cc31ee234073c6b0f3246c7ac26e
+  data.tar.gz: 4fe1822b9f021f064a2ba383c65a8c889a4acd08927f0c99ed9d9e473890474c3529afa97ed5cb95fd4f67f5d7754b595cdd654734a2fa595ecfebebeb4ff2a8

data/lib/graphql.rb

@@ -67,8 +67,9 @@ require "graphql/language"
 require "graphql/analysis"
 require "graphql/tracing"
 require "graphql/execution"
-require "graphql/relay"
 require "graphql/schema"
+require "graphql/types"
+require "graphql/relay"
 require "graphql/boolean_type"
 require "graphql/float_type"
 require "graphql/id_type"
@@ -98,3 +99,5 @@ require "graphql/parse_error"
 require "graphql/backtrace"
 
 require "graphql/deprecated_dsl"
+require "graphql/authorization"
+require "graphql/unauthorized_error"

data/lib/graphql/argument.rb

@@ -38,6 +38,7 @@ module GraphQL
     accepts_definitions :name, :type, :description, :default_value, :as, :prepare
     attr_accessor :type, :description, :default_value, :name, :as
     attr_accessor :ast_node
+    alias :graphql_name :name
 
     ensure_defined(:name, :description, :default_value, :type=, :type, :as, :expose_as, :prepare)
 

data/lib/graphql/authorization.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+module GraphQL
+  module Authorization
+    class InaccessibleFieldsError < GraphQL::AnalysisError
+      # @return [Array<Schema::Field, GraphQL::Field>] Fields that failed `.accessible?` checks
+      attr_reader :fields
+
+      # @return [GraphQL::Query::Context] The current query's context
+      attr_reader :context
+
+      # @return [Array<GraphQL::InternalRepresentation::Node>] The visited nodes that failed `.accessible?` checks
+      # @see {#fields} for the Field definitions
+      attr_reader :irep_nodes
+
+      def initialize(fields:, irep_nodes:, context:)
+        @fields = fields
+        @irep_nodes = irep_nodes
+        @context = context
+        super("Some fields in this query are not accessible: #{fields.map(&:graphql_name).join(", ")}")
+      end
+    end
+
+    module Analyzer
+      module_function
+      def initial_value(query)
+        {
+          schema: query.schema,
+          context: query.context,
+          inaccessible_nodes: [],
+        }
+      end
+
+      def call(memo, visit_type, irep_node)
+        if visit_type == :enter
+          field = irep_node.definition
+          if field
+            schema = memo[:schema]
+            ctx = memo[:context]
+            next_field_accessible = schema.accessible?(field, ctx)
+            if !next_field_accessible
+              memo[:inaccessible_nodes] << irep_node
+            else
+              arg_accessible = true
+              irep_node.arguments.argument_values.each do |name, arg_value|
+                arg_accessible = schema.accessible?(arg_value.definition, ctx)
+                if !arg_accessible
+                  memo[:inaccessible_nodes] << irep_node
+                  break
+                end
+              end
+              if arg_accessible
+                return_type = field.type.unwrap
+                next_type_accessible = schema.accessible?(return_type, ctx)
+                if !next_type_accessible
+                  memo[:inaccessible_nodes] << irep_node
+                end
+              end
+            end
+          end
+        end
+        memo
+      end
+
+      def final_value(memo)
+        nodes = memo[:inaccessible_nodes]
+        if nodes.any?
+          fields = nodes.map do |node|
+            field_inst = node.definition
+            # Get the "source of truth" for this field
+            field_inst.metadata[:type_class] || field_inst
+          end
+          context = memo[:context]
+          err = InaccessibleFieldsError.new(fields: fields, irep_nodes: nodes, context: context)
+          context.schema.inaccessible_fields(err)
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/graphql/boolean_type.rb

@@ -1,3 +1,2 @@
 # frozen_string_literal: true
-require "graphql/types/boolean"
 GraphQL::BOOLEAN_TYPE = GraphQL::Types::Boolean.graphql_definition

data/lib/graphql/compatibility/lazy_execution_specification/lazy_schema.rb

@@ -32,7 +32,8 @@ module GraphQL
                 @context[:pushes] << @context[:lazy_pushes]
                 @context[:lazy_pushes] = []
               end
-              self
+              # Something that _behaves_ like this object, but isn't registered lazy
+              OpenStruct.new(value: @value)
             end
           end
         end

data/lib/graphql/execution/execute.rb

@@ -110,23 +110,47 @@ module GraphQL
             err
           end
 
-          # If the returned object is lazy (unfinished),
-          # assign the lazy object to `.value=` so we can resolve it later.
-          # When we resolve it later, reassign it to `.value=` so that
-          # the finished value replaces the unfinished one.
-          #
-          # If the returned object is finished, continue to coerce
-          # and resolve child fields
-          if query.schema.lazy?(raw_value)
+          if field_ctx.schema.lazy?(raw_value)
             field_ctx.value = Execution::Lazy.new {
               inner_value = field_ctx.trace("execute_field_lazy", {context: field_ctx}) {
                 begin
-                  field.lazy_resolve(raw_value, arguments, field_ctx)
+                  begin
+                    field_ctx.field.lazy_resolve(raw_value, arguments, field_ctx)
+                  rescue GraphQL::UnauthorizedError => err
+                    field_ctx.schema.unauthorized_object(err)
+                  end
                 rescue GraphQL::ExecutionError => err
                   err
                 end
               }
-              field_ctx.value = continue_resolve_field(inner_value, field_ctx)
+              continue_or_wait(inner_value, arguments, field_ctx)
+            }
+          else
+            continue_or_wait(raw_value, arguments, field_ctx)
+          end
+        end
+
+        # If the returned object is lazy (unfinished),
+        # assign the lazy object to `.value=` so we can resolve it later.
+        # When we resolve it later, reassign it to `.value=` so that
+        # the finished value replaces the unfinished one.
+        #
+        # If the returned object is finished, continue to coerce
+        # and resolve child fields
+        def continue_or_wait(raw_value, arguments, field_ctx)
+          if (lazy_method = field_ctx.schema.lazy_method_name(raw_value))
+            field_ctx.value = Execution::Lazy.new {
+              inner_value = begin
+                  begin
+                    raw_value.public_send(lazy_method)
+                  rescue GraphQL::UnauthorizedError => err
+                    field_ctx.schema.unauthorized_object(err)
+                  end
+                rescue GraphQL::ExecutionError => err
+                  err
+                end
+
+              field_ctx.value = continue_or_wait(inner_value, arguments, field_ctx)
             }
           else
             field_ctx.value = continue_resolve_field(raw_value, field_ctx)

data/lib/graphql/execution/lazy.rb

@@ -31,7 +31,11 @@ module GraphQL
         if !@resolved
           @resolved = true
           @value = begin
-            @get_value_func.call
+            v = @get_value_func.call
+            if v.is_a?(Lazy)
+              v = v.value
+            end
+            v
           rescue GraphQL::ExecutionError => err
             err
           end

data/lib/graphql/field.rb

@@ -157,6 +157,7 @@ module GraphQL
 
     # @return [String] The name of this field on its {GraphQL::ObjectType} (or {GraphQL::InterfaceType})
     attr_accessor :name
+    alias :graphql_name :name
 
     # @return [String, nil] The client-facing description of this field
     attr_accessor :description
@@ -323,7 +324,12 @@ module GraphQL
     module DefaultLazyResolve
       def self.call(obj, args, ctx)
         method_name = ctx.schema.lazy_method_name(obj)
-        obj.public_send(method_name)
+        next_obj = obj.public_send(method_name)
+        if ctx.schema.lazy?(next_obj)
+          call(next_obj, args, ctx)
+        else
+          next_obj
+        end
       end
     end
   end

data/lib/graphql/float_type.rb

@@ -1,3 +1,2 @@
 # frozen_string_literal: true
-require "graphql/types/float"
 GraphQL::FLOAT_TYPE = GraphQL::Types::Float.graphql_definition

data/lib/graphql/id_type.rb

@@ -1,3 +1,2 @@
 # frozen_string_literal: true
-require "graphql/types/id"
 GraphQL::ID_TYPE = GraphQL::Types::ID.graphql_definition

data/lib/graphql/int_type.rb

@@ -1,3 +1,2 @@
 # frozen_string_literal: true
-require "graphql/types/int"
 GraphQL::INT_TYPE = GraphQL::Types::Int.graphql_definition

data/lib/graphql/introspection/entry_points.rb

@@ -11,7 +11,7 @@ module GraphQL
         # Apply wrapping manually since this field isn't wrapped by instrumentation
         schema = @context.query.schema
         schema_type = schema.introspection_system.schema_type
-        schema_type.metadata[:type_class].new(schema, @context)
+        schema_type.metadata[:type_class].authorized_new(schema, @context)
       end
 
       def __type(name:)
@@ -19,7 +19,7 @@ module GraphQL
         if type
           # Apply wrapping manually since this field isn't wrapped by instrumentation
           type_type = @context.schema.introspection_system.type_type
-          type_type.metadata[:type_class].new(type, @context)
+          type_type.metadata[:type_class].authorized_new(type, @context)
         else
           nil
         end

data/lib/graphql/object_type.rb

@@ -22,11 +22,11 @@ module GraphQL
   #   end
   #
   class ObjectType < GraphQL::BaseType
-    accepts_definitions :interfaces, :fields, :mutation, field: GraphQL::Define::AssignObjectField
+    accepts_definitions :interfaces, :fields, :mutation, :relay_node_type, field: GraphQL::Define::AssignObjectField
     accepts_definitions implements: ->(type, *interfaces, inherit: false) { type.implements(interfaces, inherit: inherit) }
 
-    attr_accessor :fields, :mutation
-    ensure_defined(:fields, :mutation, :interfaces)
+    attr_accessor :fields, :mutation, :relay_node_type
+    ensure_defined(:fields, :mutation, :interfaces, :relay_node_type)
 
     # @!attribute fields
     #   @return [Hash<String => GraphQL::Field>] Map String fieldnames to their {GraphQL::Field} implementations

data/lib/graphql/query.rb

@@ -128,6 +128,12 @@ module GraphQL
 
       @result_values = nil
       @executed = false
+
+      # TODO add a general way to define schema-level filters
+      # TODO also add this to schema dumps
+      if @schema.respond_to?(:visible?)
+        merge_filters(only: @schema.method(:visible?))
+      end
     end
 
     def subscription_update?

data/lib/graphql/query/arguments.rb

@@ -35,6 +35,8 @@ module GraphQL
         end
       end
 
+      attr_reader :argument_values
+
       def initialize(values, context:, defaults_used:)
         @argument_values = values.inject({}) do |memo, (inner_key, inner_value)|
           arg_name = inner_key.to_s

data/lib/graphql/query/context.rb

@@ -207,8 +207,14 @@ module GraphQL
           @query = context.query
           @schema = context.schema
           @tracers = @query.tracers
+          # This hack flag is required by ConnectionResolve
+          @wrapped_connection = false
+          @wrapped_object = false
         end
 
+        # @api private
+        attr_accessor :wrapped_connection, :wrapped_object
+
         def path
           @path ||= @parent.path.dup << @key
         end

data/lib/graphql/query/variables.rb

@@ -30,7 +30,13 @@ module GraphQL
             provided_value = @provided_variables[variable_name]
             value_was_provided =  @provided_variables.key?(variable_name)
 
-            validation_result = variable_type.validate_input(provided_value, ctx)
+            begin
+              validation_result = variable_type.validate_input(provided_value, ctx)
+            rescue GraphQL::CoercionError => ex
+              validation_result = GraphQL::Query::InputValidationResult.new
+              validation_result.add_problem(ex.message)
+            end
+
             if !validation_result.valid?
               # This finds variables that were required but not provided
               @errors << GraphQL::Query::VariableValidationError.new(ast_variable, variable_type, provided_value, validation_result)

data/lib/graphql/relay/connection_instrumentation.rb

@@ -36,8 +36,8 @@ module GraphQL
           connection_arguments = default_arguments.merge(field.arguments)
           original_resolve = field.resolve_proc
           original_lazy_resolve = field.lazy_resolve_proc
-          connection_resolve = GraphQL::Relay::ConnectionResolve.new(field, original_resolve, lazy: false)
-          connection_lazy_resolve = GraphQL::Relay::ConnectionResolve.new(field, original_lazy_resolve, lazy: true)
+          connection_resolve = GraphQL::Relay::ConnectionResolve.new(field, original_resolve)
+          connection_lazy_resolve = GraphQL::Relay::ConnectionResolve.new(field, original_lazy_resolve)
           field.redefine(
             resolve: connection_resolve,
             lazy_resolve: connection_lazy_resolve,

data/lib/graphql/relay/connection_resolve.rb

@@ -2,34 +2,24 @@
 module GraphQL
   module Relay
     class ConnectionResolve
-      def initialize(field, underlying_resolve, lazy:)
+      def initialize(field, underlying_resolve)
         @field = field
         @underlying_resolve = underlying_resolve
         @max_page_size = field.connection_max_page_size
-        @lazy = lazy
       end
 
       def call(obj, args, ctx)
-        if @lazy && obj.is_a?(LazyNodesWrapper)
-          parent = obj.parent
-          obj = obj.lazy_object
-        else
-          parent = obj
-        end
+        # in a lazy ressolve hook, obj is the promise,
+        # get the object that the promise was
+        # originally derived from
+        parent = ctx.object
 
         nodes = @underlying_resolve.call(obj, args, ctx)
 
-        if nodes.nil?
-          nil
-        elsif ctx.schema.lazy?(nodes)
-          if !@lazy
-            LazyNodesWrapper.new(obj, nodes)
-          else
-            nodes
-          end
-        elsif nodes.is_a?(GraphQL::Execution::Execute::Skip)
+        if nodes.nil? || ctx.schema.lazy?(nodes) || nodes.is_a?(GraphQL::Execution::Execute::Skip) || ctx.wrapped_connection
           nodes
         else
+          ctx.wrapped_connection = true
           build_connection(nodes, args, parent, ctx)
         end
       end
@@ -48,16 +38,6 @@ module GraphQL
           connection_class.new(nodes, args, field: @field, max_page_size: @max_page_size, parent: parent, context: ctx)
         end
       end
-
-      # A container for the proper `parent` of connection nodes.
-      # Without this wrapper, the lazy object _itself_ is passed into `build_connection`
-      # and it becomes the parent, which is wrong.
-      #
-      # We can get away with it because we know that this instrumentation will be applied last.
-      # That means its code after `underlying_resolve` will be _last_ on the way in.
-      # And, its code before `underlying_resolve` will be _first_ during lazy resolution.
-      # @api private
-      LazyNodesWrapper = Struct.new(:parent, :lazy_object)
     end
   end
 end

data/lib/graphql/relay/connection_type.rb

@@ -31,6 +31,7 @@ module GraphQL
           end
 
           field :pageInfo, !PageInfo, "Information to aid in pagination.", property: :page_info
+          relay_node_type(wrapped_type)
           block && instance_eval(&block)
         end
       end

data/lib/graphql/relay/edge_type.rb

@@ -9,6 +9,7 @@ module GraphQL
           description "An edge in a connection."
           field :node, wrapped_type, "The item at the end of the edge."
           field :cursor, !types.String, "A cursor for use in pagination."
+          relay_node_type(wrapped_type)
           block && instance_eval(&block)
         end
       end

data/lib/graphql/relay/edges_instrumentation.rb

@@ -4,15 +4,12 @@ module GraphQL
     module EdgesInstrumentation
       def self.instrument(type, field)
         if field.edges?
-          edges_resolve = EdgesResolve.new(
-            edge_class: field.edge_class,
-            resolve: field.resolve_proc,
-            lazy_resolve: field.lazy_resolve_proc,
-          )
+          edges_resolve = EdgesResolve.new(edge_class: field.edge_class, resolve: field.resolve_proc)
+          edges_lazy_resolve = EdgesResolve.new(edge_class: field.edge_class, resolve: field.lazy_resolve_proc)
 
           field.redefine(
-            resolve: edges_resolve.method(:resolve),
-            lazy_resolve: edges_resolve.method(:lazy_resolve),
+            resolve: edges_resolve,
+            lazy_resolve: edges_lazy_resolve,
           )
         else
           field
@@ -21,35 +18,22 @@ module GraphQL
 
 
       class EdgesResolve
-        def initialize(edge_class:, resolve:, lazy_resolve:)
+        def initialize(edge_class:, resolve:)
           @edge_class = edge_class
           @resolve_proc = resolve
-          @lazy_resolve_proc = lazy_resolve
         end
 
         # A user's custom Connection may return a lazy object,
         # if so, handle it later.
-        def resolve(obj, args, ctx)
+        def call(obj, args, ctx)
+          parent = ctx.object
           nodes = @resolve_proc.call(obj, args, ctx)
           if ctx.schema.lazy?(nodes)
-            ConnectionResolve::LazyNodesWrapper.new(obj, nodes)
+            nodes
           else
-            build_edges(nodes, obj)
+            nodes.map { |item| @edge_class.new(item, parent) }
           end
         end
-
-        # If we get this far, unwrap the wrapper,
-        # resolve the lazy object and make the edges as usual
-        def lazy_resolve(obj, args, ctx)
-          items = @lazy_resolve_proc.call(obj.lazy_object, args, ctx)
-          build_edges(items, obj.parent)
-        end
-
-        private
-
-        def build_edges(items, connection)
-          items.map { |item| @edge_class.new(item, connection) }
-        end
       end
     end
   end