graphql 2.0.29 → 2.1.0

data/lib/graphql/language/visitor.rb

@@ -31,11 +31,6 @@ module GraphQL
     #   visitor.count
     #   # => 3
     class Visitor
-      # If any hook returns this value, the {Visitor} stops visiting this
-      # node right away
-      # @deprecated Use `super` to continue the visit; or don't call it to halt.
-      SKIP = :_skip
-
       class DeleteNode; end
 
       # When this is returned from a visitor method,
@@ -44,25 +39,13 @@ module GraphQL
 
       def initialize(document)
         @document = document
-        @visitors = {}
         @result = nil
       end
 
       # @return [GraphQL::Language::Nodes::Document] The document with any modifications applied
       attr_reader :result
 
-      # Get a {NodeVisitor} for `node_class`
-      # @param node_class [Class] The node class that you want to listen to
-      # @return [NodeVisitor]
-      #
-      # @example Run a hook whenever you enter a new Field
-      #   visitor[GraphQL::Language::Nodes::Field] << ->(node, parent) { p "Here's a field" }
-      # @deprecated see `on_` methods, like {#on_field}
-      def [](node_class)
-        @visitors[node_class] ||= NodeVisitor.new
-      end
-
-      # Visit `document` and all children, applying hooks as you go
+      # Visit `document` and all children
       # @return [void]
       def visit
         # `@document` may be any kind of node:
@@ -88,7 +71,6 @@ module GraphQL
           # To customize this hook, override one of its make_visit_methods (or the base method?)
           # in your subclasses.
           #
-          # For compatibility, it calls hook procs, too.
           # @param node [GraphQL::Language::Nodes::AbstractNode] the node being visited
           # @param parent [GraphQL::Language::Nodes::AbstractNode, nil] the previously-visited node, or `nil` if this is the root node.
           # @return [Array, nil] If there were modifications, it returns an array of new nodes, otherwise, it returns `nil`.
@@ -98,29 +80,24 @@ module GraphQL
               # by a user hook, don't want to keep visiting in that case.
               [node, parent]
             else
-              # Run hooks if there are any
               new_node = node
-              no_hooks = !@visitors.key?(node.class)
-              if no_hooks || begin_visit(new_node, parent)
-                #{
-                  if method_defined?(child_visit_method)
-                    "new_node = #{child_visit_method}(new_node)"
-                  elsif children_of_type
-                    children_of_type.map do |child_accessor, child_class|
-                      "node.#{child_accessor}.each do |child_node|
-                        new_child_and_node = #{child_class.visit_method}_with_modifications(child_node, new_node)
-                        # Reassign `node` in case the child hook makes a modification
-                        if new_child_and_node.is_a?(Array)
-                          new_node = new_child_and_node[1]
-                        end
-                      end"
-                    end.join("\n")
-                  else
-                    ""
-                  end
-                }
-              end
-              end_visit(new_node, parent) unless no_hooks
+              #{
+                if method_defined?(child_visit_method)
+                  "new_node = #{child_visit_method}(new_node)"
+                elsif children_of_type
+                  children_of_type.map do |child_accessor, child_class|
+                    "node.#{child_accessor}.each do |child_node|
+                      new_child_and_node = #{child_class.visit_method}_with_modifications(child_node, new_node)
+                      # Reassign `node` in case the child hook makes a modification
+                      if new_child_and_node.is_a?(Array)
+                        new_node = new_child_and_node[1]
+                      end
+                    end"
+                  end.join("\n")
+                else
+                  ""
+                end
+              }
 
               if new_node.equal?(node)
                 [node, parent]
@@ -305,46 +282,6 @@ module GraphQL
           new_node_and_new_parent
         end
       end
-
-      def begin_visit(node, parent)
-        node_visitor = self[node.class]
-        self.class.apply_hooks(node_visitor.enter, node, parent)
-      end
-
-      # Should global `leave` visitors come first or last?
-      def end_visit(node, parent)
-        node_visitor = self[node.class]
-        self.class.apply_hooks(node_visitor.leave, node, parent)
-      end
-
-      # If one of the visitors returns SKIP, stop visiting this node
-      def self.apply_hooks(hooks, node, parent)
-        hooks.each do |proc|
-          return false if proc.call(node, parent) == SKIP
-        end
-        true
-      end
-
-      # Collect `enter` and `leave` hooks for classes in {GraphQL::Language::Nodes}
-      #
-      # Access {NodeVisitor}s via {GraphQL::Language::Visitor#[]}
-      class NodeVisitor
-        # @return [Array<Proc>] Hooks to call when entering a node of this type
-        attr_reader :enter
-        # @return [Array<Proc>] Hooks to call when leaving a node of this type
-        attr_reader :leave
-
-        def initialize
-          @enter = []
-          @leave = []
-        end
-
-        # Shorthand to add a hook to the {#enter} array
-        # @param hook [Proc] A hook to add
-        def <<(hook)
-          enter << hook
-        end
-      end
     end
   end
 end

data/lib/graphql/pagination/connection.rb

@@ -19,7 +19,14 @@ module GraphQL
       attr_reader :items
 
       # @return [GraphQL::Query::Context]
-      attr_accessor :context
+      attr_reader :context
+
+      def context=(new_ctx)
+        current_runtime_state = Thread.current[:__graphql_runtime_info]
+        query_runtime_state = current_runtime_state[new_ctx.query]
+        @was_authorized_by_scope_items = query_runtime_state.was_authorized_by_scope_items
+        @context = new_ctx
+      end
 
       # @return [Object] the object this collection belongs to
       attr_accessor :parent
@@ -83,6 +90,17 @@ module GraphQL
         else
           default_page_size
         end
+        @was_authorized_by_scope_items = if @context
+          current_runtime_state = Thread.current[:__graphql_runtime_info]
+          query_runtime_state = current_runtime_state[@context.query]
+          query_runtime_state.was_authorized_by_scope_items
+        else
+          nil
+        end
+      end
+
+      def was_authorized_by_scope_items?
+        @was_authorized_by_scope_items
       end
 
       def max_page_size=(new_value)
@@ -247,6 +265,10 @@ module GraphQL
         def cursor
           @cursor ||= @connection.cursor_for(@node)
         end
+
+        def was_authorized_by_scope_items?
+          @connection.was_authorized_by_scope_items?
+        end
       end
     end
   end

data/lib/graphql/query.rb

@@ -95,15 +95,10 @@ module GraphQL
     # @param root_value [Object] the object used to resolve fields on the root type
     # @param max_depth [Numeric] the maximum number of nested selections allowed for this query (falls back to schema-level value)
     # @param max_complexity [Numeric] the maximum field complexity for this query (falls back to schema-level value)
-    # @param except [<#call(schema_member, context)>] If provided, objects will be hidden from the schema when `.call(schema_member, context)` returns truthy
-    # @param only [<#call(schema_member, context)>] If provided, objects will be hidden from the schema when `.call(schema_member, context)` returns false
-    def initialize(schema, query_string = nil, query: nil, document: nil, context: nil, variables: nil, validate: true, static_validator: nil, subscription_topic: nil, operation_name: nil, root_value: nil, max_depth: schema.max_depth, max_complexity: schema.max_complexity, except: nil, only: nil, warden: nil)
+    def initialize(schema, query_string = nil, query: nil, document: nil, context: nil, variables: nil, validate: true, static_validator: nil, subscription_topic: nil, operation_name: nil, root_value: nil, max_depth: schema.max_depth, max_complexity: schema.max_complexity, warden: nil)
       # Even if `variables: nil` is passed, use an empty hash for simpler logic
       variables ||= {}
       @schema = schema
-      if only || except
-        merge_filters(except: except, only: only)
-      end
       @context = schema.context_class.new(query: self, object: root_value, values: context)
       @warden = warden
       @subscription_topic = subscription_topic
@@ -129,7 +124,6 @@ module GraphQL
         raise ArgumentError, "context[:tracers] are not supported without `trace_with(GraphQL::Tracing::CallLegacyTracers)` in the schema configuration, please add it."
       end
 
-
       @analysis_errors = []
       if variables.is_a?(String)
         raise ArgumentError, "Query variables should be a Hash, not a String. Try JSON.parse to prepare variables."
@@ -354,17 +348,6 @@ module GraphQL
       with_prepared_ast { @query }
     end
 
-    # @return [void]
-    def merge_filters(only: nil, except: nil)
-      if @prepared_ast
-        raise "Can't add filters after preparing the query"
-      else
-        @filter ||= @schema.default_filter
-        @filter = @filter.merge(only: only, except: except)
-      end
-      nil
-    end
-
     def subscription?
       with_prepared_ast { @subscription }
     end
@@ -400,7 +383,7 @@ module GraphQL
 
     def prepare_ast
       @prepared_ast = true
-      @warden ||= @schema.warden_class.new(@filter, schema: @schema, context: @context)
+      @warden ||= @schema.warden_class.new(schema: @schema, context: @context)
       parse_error = nil
       @document ||= begin
         if query_string

data/lib/graphql/rake_task.rb

@@ -9,8 +9,7 @@ module GraphQL
   # By default, schemas are looked up by name as constants using `schema_name:`.
   # You can provide a `load_schema` function to return your schema another way.
   #
-  # `load_context:`, `only:` and `except:` are supported so that
-  # you can keep an eye on how filters affect your schema.
+  # Use `load_context:` and `visible?` to dump schemas under certain visibility constraints.
   #
   # @example Dump a Schema to .graphql + .json files
   #   require "graphql/rake_task"
@@ -36,8 +35,6 @@ module GraphQL
       schema_name: nil,
       load_schema: ->(task) { Object.const_get(task.schema_name) },
       load_context: ->(task) { {} },
-      only: nil,
-      except: nil,
       directory: ".",
       idl_outfile: "schema.graphql",
       json_outfile: "schema.json",
@@ -68,12 +65,6 @@ module GraphQL
     # @return [<#call(task)>] A callable for loading the query context
     attr_accessor :load_context
 
-    # @return [<#call(member, ctx)>, nil] A filter for this task
-    attr_accessor :only
-
-    # @return [<#call(member, ctx)>, nil] A filter for this task
-    attr_accessor :except
-
     # @return [String] target for IDL task
     attr_accessor :idl_outfile
 
@@ -117,10 +108,10 @@ module GraphQL
           include_is_repeatable: include_is_repeatable,
           include_specified_by_url: include_specified_by_url,
           include_schema_description: include_schema_description,
-          only: @only, except: @except, context: context
+          context: context
         )
       when :to_definition
-        schema.to_definition(only: @only, except: @except, context: context)
+        schema.to_definition(context: context)
       else
         raise ArgumentError, "Unexpected schema dump method: #{method_name.inspect}"
       end

data/lib/graphql/schema/field/scope_extension.rb

@@ -10,7 +10,13 @@ module GraphQL
           else
             ret_type = @field.type.unwrap
             if ret_type.respond_to?(:scope_items)
-              ret_type.scope_items(value, context)
+              scoped_items = ret_type.scope_items(value, context)
+              if !scoped_items.equal?(value) && !ret_type.reauthorize_scoped_objects
+                current_runtime_state = Thread.current[:__graphql_runtime_info]
+                query_runtime_state = current_runtime_state[context.query]
+                query_runtime_state.was_authorized_by_scope_items = true
+              end
+              scoped_items
             else
               value
             end

data/lib/graphql/schema/interface.rb

@@ -69,11 +69,7 @@ module GraphQL
             end
           elsif child_class < GraphQL::Schema::Object
             # This is being included into an object type, make sure it's using `implements(...)`
-            backtrace_line = caller_locations(0, 10).find do |location|
-              location.base_label == "implements" &&
-                location.path.end_with?("schema/member/has_interfaces.rb")
-            end
-
+            backtrace_line = caller(0, 10).find { |line| line.include?("schema/member/has_interfaces.rb") && line.include?("in `implements'")}
             if !backtrace_line
               raise "Attach interfaces using `implements(#{self})`, not `include(#{self})`"
             end

data/lib/graphql/schema/member/scoped.rb

@@ -15,6 +15,25 @@ module GraphQL
         def scope_items(items, context)
           items
         end
+
+        def reauthorize_scoped_objects(new_value = nil)
+          if new_value.nil?
+            if @reauthorize_scoped_objects != nil
+              @reauthorize_scoped_objects
+            else
+              find_inherited_value(:reauthorize_scoped_objects, nil)
+            end
+          else
+            @reauthorize_scoped_objects = new_value
+          end
+        end
+
+        def inherited(subclass)
+          super
+          subclass.class_eval do
+            @reauthorize_scoped_objects = nil
+          end
+        end
       end
     end
   end

data/lib/graphql/schema/object.rb

@@ -30,6 +30,10 @@ module GraphQL
         # @see authorized_new to make instances
         protected :new
 
+        def wrap_scoped(object, context)
+          scoped_new(object, context)
+        end
+
         # This is called by the runtime to return an object to call methods on.
         def wrap(object, context)
           authorized_new(object, context)
@@ -91,6 +95,10 @@ module GraphQL
             end
           end
         end
+
+        def scoped_new(object, context)
+          self.new(object, context)
+        end
       end
 
       def initialize(object, context)

data/lib/graphql/schema/printer.rb

@@ -36,15 +36,11 @@ module GraphQL
 
       # @param schema [GraphQL::Schema]
       # @param context [Hash]
-      # @param only [<#call(member, ctx)>]
-      # @param except [<#call(member, ctx)>]
       # @param introspection [Boolean] Should include the introspection types in the string?
-      def initialize(schema, context: nil, only: nil, except: nil, introspection: false)
+      def initialize(schema, context: nil, introspection: false)
         @document_from_schema = GraphQL::Language::DocumentFromSchemaDefinition.new(
           schema,
           context: context,
-          only: only,
-          except: except,
           include_introspection_types: introspection,
         )
 
@@ -61,7 +57,12 @@ module GraphQL
             false
           end
         end
-        schema = Class.new(GraphQL::Schema) { query(query_root) }
+        schema = Class.new(GraphQL::Schema) {
+          query(query_root)
+          def self.visible?(member, _ctx)
+            member.graphql_name != "Root"
+          end
+        }
 
         introspection_schema_ast = GraphQL::Language::DocumentFromSchemaDefinition.new(
           schema,
@@ -94,7 +95,7 @@ module GraphQL
 
       class IntrospectionPrinter < GraphQL::Language::Printer
         def print_schema_definition(schema)
-          "schema {\n  query: Root\n}"
+          print_string("schema {\n  query: Root\n}")
         end
       end
     end

data/lib/graphql/schema/subscription.rb

@@ -28,14 +28,19 @@ module GraphQL
       def resolve_with_support(**args)
         result = nil
         unsubscribed = true
-        catch :graphql_subscription_unsubscribed do
+        unsubscribed_result = catch :graphql_subscription_unsubscribed do
           result = super
           unsubscribed = false
         end
 
 
         if unsubscribed
-          context.skip
+          if unsubscribed_result
+            context.namespace(:subscriptions)[:final_update] = true
+            unsubscribed_result
+          else
+            context.skip
+          end
         else
           result
         end
@@ -94,9 +99,11 @@ module GraphQL
       end
 
       # Call this to halt execution and remove this subscription from the system
-      def unsubscribe
+      # @param update_value [Object] if present, deliver this update before unsubscribing
+      # @return [void]
+      def unsubscribe(update_value = nil)
         context.namespace(:subscriptions)[:unsubscribed] = true
-        throw :graphql_subscription_unsubscribed
+        throw :graphql_subscription_unsubscribed, update_value
       end
 
       READING_SCOPE = ::Object.new

data/lib/graphql/schema/warden.rb

@@ -4,37 +4,12 @@ require 'set'
 
 module GraphQL
   class Schema
-    # Restrict access to a {GraphQL::Schema} with a user-defined filter.
+    # Restrict access to a {GraphQL::Schema} with a user-defined `visible?` implementations.
     #
     # When validating and executing a query, all access to schema members
     # should go through a warden. If you access the schema directly,
     # you may show a client something that it shouldn't be allowed to see.
     #
-    # @example Hiding private fields
-    #   private_members = -> (member, ctx) { member.metadata[:private] }
-    #   result = Schema.execute(query_string, except: private_members)
-    #
-    # @example Custom filter implementation
-    #   # It must respond to `#call(member)`.
-    #   class MissingRequiredFlags
-    #     def initialize(user)
-    #       @user = user
-    #     end
-    #
-    #     # Return `false` if any required flags are missing
-    #     def call(member, ctx)
-    #       member.metadata[:required_flags].any? do |flag|
-    #         !@user.has_flag?(flag)
-    #       end
-    #     end
-    #   end
-    #
-    #   # Then, use the custom filter in query:
-    #   missing_required_flags = MissingRequiredFlags.new(current_user)
-    #
-    #   # This query can only access members which match the user's flags
-    #   result = Schema.execute(query_string, except: missing_required_flags)
-    #
     # @api private
     class Warden
       def self.from_context(context)
@@ -114,22 +89,16 @@ module GraphQL
         def interfaces(obj_type); obj_type.interfaces; end
       end
 
-      # @param filter [<#call(member)>] Objects are hidden when `.call(member, ctx)` returns true
       # @param context [GraphQL::Query::Context]
       # @param schema [GraphQL::Schema]
-      def initialize(filter = nil, context:, schema:)
+      def initialize(context:, schema:)
         @schema = schema
         # Cache these to avoid repeated hits to the inheritance chain when one isn't present
         @query = @schema.query
         @mutation = @schema.mutation
         @subscription = @schema.subscription
         @context = context
-        @visibility_cache = if filter
-          read_through { |m| filter.call(m, context) }
-        else
-          read_through { |m| schema.visible?(m, context) }
-        end
-
+        @visibility_cache = read_through { |m| schema.visible?(m, context) }
         @visibility_cache.compare_by_identity
         # Initialize all ivars to improve object shape consistency:
         @types = @visible_types = @reachable_types = @visible_parent_fields =

data/lib/graphql/schema.rb

@@ -222,7 +222,7 @@ module GraphQL
       # @param include_specified_by_url [Boolean] If true, scalar types' `specifiedByUrl:` will be included in the response
       # @param include_is_one_of [Boolean] If true, `isOneOf: true|false` will be included with input objects
       # @return [Hash] GraphQL result
-      def as_json(only: nil, except: nil, context: {}, include_deprecated_args: true, include_schema_description: false, include_is_repeatable: false, include_specified_by_url: false, include_is_one_of: false)
+      def as_json(context: {}, include_deprecated_args: true, include_schema_description: false, include_is_repeatable: false, include_specified_by_url: false, include_is_one_of: false)
         introspection_query = Introspection.query(
           include_deprecated_args: include_deprecated_args,
           include_schema_description: include_schema_description,
@@ -231,16 +231,14 @@ module GraphQL
           include_specified_by_url: include_specified_by_url,
         )
 
-        execute(introspection_query, only: only, except: except, context: context).to_h
+        execute(introspection_query, context: context).to_h
       end
 
       # Return the GraphQL IDL for the schema
       # @param context [Hash]
-      # @param only [<#call(member, ctx)>]
-      # @param except [<#call(member, ctx)>]
       # @return [String]
-      def to_definition(only: nil, except: nil, context: {})
-        GraphQL::Schema::Printer.print_schema(self, only: only, except: except, context: context)
+      def to_definition(context: {})
+        GraphQL::Schema::Printer.print_schema(self, context: context)
       end
 
       # Return the GraphQL::Language::Document IDL AST for the schema
@@ -268,20 +266,6 @@ module GraphQL
         @find_cache[path] ||= @finder.find(path)
       end
 
-      def default_filter
-        GraphQL::Filter.new(except: default_mask)
-      end
-
-      def default_mask(new_mask = nil)
-        if new_mask
-          line = caller(2, 10).find { |l| !l.include?("lib/graphql") }
-          GraphQL::Deprecation.warn("GraphQL::Filter and Schema.mask are deprecated and will be removed in v2.1.0. Implement `visible?` on your schema members instead (https://graphql-ruby.org/authorization/visibility.html).\n  #{line}")
-          @own_default_mask = new_mask
-        else
-          @own_default_mask || find_inherited_value(:default_mask, Schema::NullMask)
-        end
-      end
-
       def static_validator
         GraphQL::StaticValidation::Validator.new(schema: self)
       end

data/lib/graphql/static_validation/validation_context.rb

@@ -8,9 +8,6 @@ module GraphQL
     # It provides access to the schema & fragments which validators may read from.
     #
     # It holds a list of errors which each validator may add to.
-    #
-    # It also provides limited access to the {TypeStack} instance,
-    # which tracks state as you climb in and out of different fields.
     class ValidationContext
       extend Forwardable
 

data/lib/graphql/static_validation.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 require "graphql/static_validation/error"
 require "graphql/static_validation/definition_dependencies"
-require "graphql/static_validation/type_stack"
 require "graphql/static_validation/validator"
 require "graphql/static_validation/validation_context"
 require "graphql/static_validation/validation_timeout_error"

data/lib/graphql/subscriptions/action_cable_subscriptions.rb

@@ -124,7 +124,8 @@ module GraphQL
       # This subscription was re-evaluated.
       # Send it to the specific stream where this client was waiting.
       def deliver(subscription_id, result)
-        payload = { result: result.to_h, more: true }
+        has_more = !result.context.namespace(:subscriptions)[:final_update]
+        payload = { result: result.to_h, more: has_more }
         @action_cable.server.broadcast(stream_subscription_name(subscription_id), payload)
       end
 

data/lib/graphql/subscriptions.rb

@@ -125,10 +125,10 @@ module GraphQL
         variables: variables,
         root_value: object,
       }
-      
+
        # merge event's and query's context together
       context.merge!(event.context) unless event.context.nil? || context.nil?
-      
+
       execute_options[:validate] = validate_update?(**execute_options)
       result = @schema.execute(**execute_options)
       subscriptions_context = result.context.namespace(:subscriptions)
@@ -136,11 +136,9 @@ module GraphQL
         result = nil
       end
 
-      unsubscribed = subscriptions_context[:unsubscribed]
-
-      if unsubscribed
+      if subscriptions_context[:unsubscribed] && !subscriptions_context[:final_update]
         # `unsubscribe` was called, clean up on our side
-        # TODO also send `{more: false}` to client?
+        # The transport should also send `{more: false}` to client
         delete_subscription(subscription_id)
         result = nil
       end
@@ -164,7 +162,14 @@ module GraphQL
       res = execute_update(subscription_id, event, object)
       if !res.nil?
         deliver(subscription_id, res)
+
+        if res.context.namespace(:subscriptions)[:unsubscribed]
+          # `unsubscribe` was called, clean up on our side
+          # The transport should also send `{more: false}` to client
+          delete_subscription(subscription_id)
+        end
       end
+
     end
 
     # Event `event` occurred on `object`,