graphql 2.0.32 → 2.5.22

data/lib/graphql/schema/warden.rb

@@ -4,37 +4,12 @@ require 'set'
 
 module GraphQL
   class Schema
-    # Restrict access to a {GraphQL::Schema} with a user-defined filter.
+    # Restrict access to a {GraphQL::Schema} with a user-defined `visible?` implementations.
     #
     # When validating and executing a query, all access to schema members
     # should go through a warden. If you access the schema directly,
     # you may show a client something that it shouldn't be allowed to see.
     #
-    # @example Hiding private fields
-    #   private_members = -> (member, ctx) { member.metadata[:private] }
-    #   result = Schema.execute(query_string, except: private_members)
-    #
-    # @example Custom filter implementation
-    #   # It must respond to `#call(member)`.
-    #   class MissingRequiredFlags
-    #     def initialize(user)
-    #       @user = user
-    #     end
-    #
-    #     # Return `false` if any required flags are missing
-    #     def call(member, ctx)
-    #       member.metadata[:required_flags].any? do |flag|
-    #         !@user.has_flag?(flag)
-    #       end
-    #     end
-    #   end
-    #
-    #   # Then, use the custom filter in query:
-    #   missing_required_flags = MissingRequiredFlags.new(current_user)
-    #
-    #   # This query can only access members which match the user's flags
-    #   result = Schema.execute(query_string, except: missing_required_flags)
-    #
     # @api private
     class Warden
       def self.from_context(context)
@@ -44,6 +19,17 @@ module GraphQL
         PassThruWarden
       end
 
+      def self.types_from_context(context)
+        context.types || PassThruWarden
+      rescue NoMethodError
+        # this might be a hash which won't respond to #warden
+        PassThruWarden
+      end
+
+      def self.use(schema)
+        # no-op
+      end
+
       # @param visibility_method [Symbol] a Warden method to call for this entry
       # @param entry [Object, Array<Object>] One or more definitions for a given name in a GraphQL Schema
       # @param context [GraphQL::Query::Context]
@@ -85,23 +71,34 @@ module GraphQL
           def visible_type_membership?(tm, ctx); tm.visible?(ctx); end
           def interface_type_memberships(obj_t, ctx); obj_t.interface_type_memberships; end
           def arguments(owner, ctx); owner.arguments(ctx); end
+          def loadable?(type, ctx); type.visible?(ctx); end
+          def loadable_possible_types(type, ctx); type.possible_types(ctx); end
+          def visibility_profile
+            @visibility_profile ||= Warden::VisibilityProfile.new(self)
+          end
         end
       end
 
       class NullWarden
         def initialize(_filter = nil, context:, schema:)
           @schema = schema
+          @visibility_profile = Warden::VisibilityProfile.new(self)
         end
 
+        # No-op, but for compatibility:
+        attr_writer :skip_warning
+
+        attr_reader :visibility_profile
+
         def visible_field?(field_defn, _ctx = nil, owner = nil); true; end
         def visible_argument?(arg_defn, _ctx = nil); true; end
         def visible_type?(type_defn, _ctx = nil); true; end
-        def visible_enum_value?(enum_value, _ctx = nil); true; end
+        def visible_enum_value?(enum_value, _ctx = nil); enum_value.visible?(Query::NullContext.instance); end
         def visible_type_membership?(type_membership, _ctx = nil); true; end
         def interface_type_memberships(obj_type, _ctx = nil); obj_type.interface_type_memberships; end
-        def get_type(type_name); @schema.get_type(type_name); end # rubocop:disable Development/ContextIsPassedCop
+        def get_type(type_name); @schema.get_type(type_name, Query::NullContext.instance, false); end # rubocop:disable Development/ContextIsPassedCop
         def arguments(argument_owner, ctx = nil); argument_owner.all_argument_definitions; end
-        def enum_values(enum_defn); enum_defn.enum_values; end # rubocop:disable Development/ContextIsPassedCop
+        def enum_values(enum_defn); enum_defn.enum_values(Query::NullContext.instance); end # rubocop:disable Development/ContextIsPassedCop
         def get_argument(parent_type, argument_name); parent_type.get_argument(argument_name); end # rubocop:disable Development/ContextIsPassedCop
         def types; @schema.types; end # rubocop:disable Development/ContextIsPassedCop
         def root_type_for_operation(op_name); @schema.root_type_for_operation(op_name); end
@@ -109,37 +106,117 @@ module GraphQL
         def fields(type_defn); type_defn.all_field_definitions; end # rubocop:disable Development/ContextIsPassedCop
         def get_field(parent_type, field_name); @schema.get_field(parent_type, field_name); end
         def reachable_type?(type_name); true; end
+        def loadable?(type, _ctx); true; end
+        def loadable_possible_types(abstract_type, _ctx); union_type.possible_types; end
         def reachable_types; @schema.types.values; end # rubocop:disable Development/ContextIsPassedCop
-        def possible_types(type_defn); @schema.possible_types(type_defn); end
+        def possible_types(type_defn); @schema.possible_types(type_defn, Query::NullContext.instance, false); end
         def interfaces(obj_type); obj_type.interfaces; end
       end
 
-      # @param filter [<#call(member)>] Objects are hidden when `.call(member, ctx)` returns true
+      def visibility_profile
+        @visibility_profile ||= VisibilityProfile.new(self)
+      end
+
+      class VisibilityProfile
+        def initialize(warden)
+          @warden = warden
+        end
+
+        def directives
+          @warden.directives
+        end
+
+        def directive_exists?(dir_name)
+          @warden.directives.any? { |d| d.graphql_name == dir_name }
+        end
+
+        def type(name)
+          @warden.get_type(name)
+        end
+
+        def field(owner, field_name)
+          @warden.get_field(owner, field_name)
+        end
+
+        def argument(owner, arg_name)
+          @warden.get_argument(owner, arg_name)
+        end
+
+        def query_root
+          @warden.root_type_for_operation("query")
+        end
+
+        def mutation_root
+          @warden.root_type_for_operation("mutation")
+        end
+
+        def subscription_root
+          @warden.root_type_for_operation("subscription")
+        end
+
+        def arguments(owner)
+          @warden.arguments(owner)
+        end
+
+        def fields(owner)
+          @warden.fields(owner)
+        end
+
+        def possible_types(type)
+          @warden.possible_types(type)
+        end
+
+        def enum_values(enum_type)
+          @warden.enum_values(enum_type)
+        end
+
+        def all_types
+          @warden.reachable_types
+        end
+
+        def interfaces(obj_type)
+          @warden.interfaces(obj_type)
+        end
+
+        def loadable?(t, ctx) # TODO remove ctx here?
+          @warden.loadable?(t, ctx)
+        end
+
+        def loadable_possible_types(t, ctx)
+          @warden.loadable_possible_types(t, ctx)
+        end
+
+        def reachable_type?(type_name)
+          !!@warden.reachable_type?(type_name)
+        end
+
+        def visible_enum_value?(enum_value, ctx = nil)
+          @warden.visible_enum_value?(enum_value, ctx)
+        end
+      end
+
       # @param context [GraphQL::Query::Context]
       # @param schema [GraphQL::Schema]
-      def initialize(filter = nil, context:, schema:)
+      def initialize(context:, schema:)
         @schema = schema
         # Cache these to avoid repeated hits to the inheritance chain when one isn't present
         @query = @schema.query
         @mutation = @schema.mutation
         @subscription = @schema.subscription
         @context = context
-        @visibility_cache = if filter
-          read_through { |m| filter.call(m, context) }
-        else
-          read_through { |m| schema.visible?(m, context) }
-        end
-
-        @visibility_cache.compare_by_identity
+        @visibility_cache = read_through { |m| check_visible(schema, m) }
         # Initialize all ivars to improve object shape consistency:
         @types = @visible_types = @reachable_types = @visible_parent_fields =
           @visible_possible_types = @visible_fields = @visible_arguments = @visible_enum_arrays =
           @visible_enum_values = @visible_interfaces = @type_visibility = @type_memberships =
-          @visible_and_reachable_type = @unions = @unfiltered_interfaces = @references_to =
-          @reachable_type_set =
+          @visible_and_reachable_type = @unions = @unfiltered_interfaces =
+          @reachable_type_set = @visibility_profile = @loadable_possible_types =
             nil
+        @skip_warning = schema.plugins.any? { |(plugin, _opts)| plugin == GraphQL::Schema::Warden }
       end
 
+      attr_writer :skip_warning
+
       # @return [Hash<String, GraphQL::BaseType>] Visible types in the schema
       def types
         @types ||= begin
@@ -153,10 +230,30 @@ module GraphQL
         end
       end
 
+      # @return [Boolean] True if this type is used for `loads:` but not in the schema otherwise and not _explicitly_ hidden.
+      def loadable?(type, _ctx)
+        visible_type?(type) &&
+          !referenced?(type) &&
+          (type.respond_to?(:interfaces) ? interfaces(type).all? { |i| loadable?(i, _ctx) } : true)
+      end
+
+      # This abstract type was determined to be used for `loads` only.
+      # All its possible types are valid possibilities here -- no filtering.
+      def loadable_possible_types(abstract_type, _ctx)
+        @loadable_possible_types ||= read_through do |t|
+          if t.is_a?(Class) # union
+            t.possible_types
+          else
+            @schema.possible_types(abstract_type)
+          end
+        end
+        @loadable_possible_types[abstract_type]
+      end
+
       # @return [GraphQL::BaseType, nil] The type named `type_name`, if it exists (else `nil`)
       def get_type(type_name)
         @visible_types ||= read_through do |name|
-          type_defn = @schema.get_type(name, @context)
+          type_defn = @schema.get_type(name, @context, false)
           if type_defn && visible_and_reachable_type?(type_defn)
             type_defn
           else
@@ -203,7 +300,7 @@ module GraphQL
       # @return [Array<GraphQL::BaseType>] The types which may be member of `type_defn`
       def possible_types(type_defn)
         @visible_possible_types ||= read_through { |type_defn|
-          pt = @schema.possible_types(type_defn, @context)
+          pt = @schema.possible_types(type_defn, @context, false)
           pt.select { |t| visible_and_reachable_type?(t) }
         }
         @visible_possible_types[type_defn]
@@ -219,7 +316,16 @@ module GraphQL
       # @param argument_owner [GraphQL::Field, GraphQL::InputObjectType]
       # @return [Array<GraphQL::Argument>] Visible arguments on `argument_owner`
       def arguments(argument_owner, ctx = nil)
-        @visible_arguments ||= read_through { |o| o.arguments(@context).each_value.select { |a| visible_argument?(a, @context) } }
+        @visible_arguments ||= read_through { |o|
+          args = o.arguments(@context)
+          if !args.empty?
+            args = args.values
+            args.select! { |a| visible_argument?(a, @context) }
+            args
+          else
+            EmptyObjects::EMPTY_ARRAY
+          end
+        }
         @visible_arguments[argument_owner]
       end
 
@@ -242,7 +348,13 @@ module GraphQL
 
       # @return [Array<GraphQL::InterfaceType>] Visible interfaces implemented by `obj_type`
       def interfaces(obj_type)
-        @visible_interfaces ||= read_through { |t| t.interfaces(@context).select { |i| visible_type?(i) } }
+        @visible_interfaces ||= read_through { |t|
+          ints = t.interfaces(@context)
+          if !ints.empty?
+            ints.select! { |i| visible_type?(i) }
+          end
+          ints
+        }
         @visible_interfaces[obj_type]
       end
 
@@ -298,11 +410,26 @@ module GraphQL
           next true if root_type?(type_defn) || type_defn.introspection?
 
           if type_defn.kind.union?
-            visible_possible_types?(type_defn) && (referenced?(type_defn) || orphan_type?(type_defn))
+            !possible_types(type_defn).empty? && (referenced?(type_defn) || orphan_type?(type_defn))
           elsif type_defn.kind.interface?
-            visible_possible_types?(type_defn)
+            if !possible_types(type_defn).empty?
+              true
+            else
+              if @context.respond_to?(:logger) && (logger = @context.logger)
+                logger.debug { "Interface `#{type_defn.graphql_name}` hidden because it has no visible implementers" }
+              end
+              false
+            end
           else
-            referenced?(type_defn) || visible_abstract_type?(type_defn)
+            if referenced?(type_defn)
+              true
+            elsif type_defn.kind.object?
+              # Show this object if it belongs to ...
+              interfaces(type_defn).any? { |t| referenced?(t) } ||  # an interface which is referenced in the schema
+                union_memberships(type_defn).any? { |t| referenced?(t) || orphan_type?(t) } # or a union which is referenced or added via orphan_types
+            else
+              false
+            end
           end
         end
 
@@ -357,37 +484,74 @@ module GraphQL
       end
 
       def referenced?(type_defn)
-        @references_to ||= @schema.references_to
-        graphql_name = type_defn.unwrap.graphql_name
-        members = @references_to[graphql_name] || NO_REFERENCES
+        members = @schema.references_to(type_defn)
         members.any? { |m| visible?(m) }
       end
 
-      NO_REFERENCES = [].freeze
-
       def orphan_type?(type_defn)
         @schema.orphan_types.include?(type_defn)
       end
 
-      def visible_abstract_type?(type_defn)
-        type_defn.kind.object? && (
-            interfaces(type_defn).any? ||
-            union_memberships(type_defn).any?
-          )
-      end
-
-      def visible_possible_types?(type_defn)
-        possible_types(type_defn).any? { |t| visible_and_reachable_type?(t) }
-      end
-
       def visible?(member)
         @visibility_cache[member]
       end
 
       def read_through
-        Hash.new { |h, k| h[k] = yield(k) }
+        Hash.new { |h, k| h[k] = yield(k) }.compare_by_identity
       end
 
+      def check_visible(schema, member)
+        if schema.visible?(member, @context)
+          true
+        elsif @skip_warning
+          false
+        else
+          member_s = member.respond_to?(:path) ? member.path : member.inspect
+          member_type = case member
+          when Module
+            if member.respond_to?(:kind)
+              member.kind.name.downcase
+            else
+              ""
+            end
+          when GraphQL::Schema::Field
+            "field"
+          when GraphQL::Schema::EnumValue
+            "enum value"
+          when GraphQL::Schema::Argument
+            "argument"
+          else
+            ""
+          end
+
+          schema_s = schema.name ? "#{schema.name}'s" : ""
+          schema_name = schema.name ? "#{schema.name}" : "your schema"
+          warn(ADD_WARDEN_WARNING % { schema_s: schema_s, schema_name: schema_name, member: member_s, member_type: member_type })
+          @skip_warning = true # only warn once per query
+          # If there's no schema name, add the backtrace for additional context:
+          if schema_s == ""
+            puts caller.map { |l| "    #{l}"}
+          end
+          false
+        end
+      end
+
+      ADD_WARDEN_WARNING = <<~WARNING
+DEPRECATION: %{schema_s} "%{member}" %{member_type} returned `false` for `.visible?` but `GraphQL::Schema::Visibility` isn't configured yet.
+
+  Address this warning by adding:
+
+      use GraphQL::Schema::Visibility
+
+  to the definition for %{schema_name}. (Future GraphQL-Ruby versions won't check `.visible?` methods by default.)
+
+  Alternatively, for legacy behavior, add:
+
+      use GraphQL::Schema::Warden # legacy visibility behavior
+
+  For more information see: https://graphql-ruby.org/authorization/visibility.html
+      WARNING
+
       def reachable_type_set
         return @reachable_type_set if @reachable_type_set
 
@@ -416,54 +580,62 @@ module GraphQL
           end
         end
 
+        included_interface_possible_types_set = Set.new
+
         until unvisited_types.empty?
           type = unvisited_types.pop
-          if @reachable_type_set.add?(type)
-            type_by_name = rt_hash[type.graphql_name] ||= type
-            if type_by_name != type
-              raise DuplicateNamesError.new(
-                duplicated_name: type.graphql_name, duplicated_definition_1: type.inspect, duplicated_definition_2: type_by_name.inspect
-              )
+          visit_type(type, unvisited_types, @reachable_type_set, rt_hash, included_interface_possible_types_set, include_interface_possible_types: false)
+        end
+
+        @reachable_type_set
+      end
+
+      def visit_type(type, unvisited_types, visited_type_set, type_by_name_hash, included_interface_possible_types_set, include_interface_possible_types:)
+        if visited_type_set.add?(type) || (include_interface_possible_types && type.kind.interface? && included_interface_possible_types_set.add?(type))
+          type_by_name = type_by_name_hash[type.graphql_name] ||= type
+          if type_by_name != type
+            name_1, name_2 = [type.inspect, type_by_name.inspect].sort
+            raise DuplicateNamesError.new(
+              duplicated_name: type.graphql_name, duplicated_definition_1: name_1, duplicated_definition_2: name_2
+            )
+          end
+          if type.kind.input_object?
+            # recurse into visible arguments
+            arguments(type).each do |argument|
+              argument_type = argument.type.unwrap
+              unvisited_types << argument_type
             end
-            if type.kind.input_object?
-              # recurse into visible arguments
-              arguments(type).each do |argument|
-                argument_type = argument.type.unwrap
-                unvisited_types << argument_type
-              end
-            elsif type.kind.union?
-              # recurse into visible possible types
-              possible_types(type).each do |possible_type|
-                unvisited_types << possible_type
+          elsif type.kind.union?
+            # recurse into visible possible types
+            possible_types(type).each do |possible_type|
+              unvisited_types << possible_type
+            end
+          elsif type.kind.fields?
+            if type.kind.object?
+              # recurse into visible implemented interfaces
+              interfaces(type).each do |interface|
+                unvisited_types << interface
               end
-            elsif type.kind.fields?
-              if type.kind.interface?
-                # recurse into visible possible types
-                possible_types(type).each do |possible_type|
-                  unvisited_types << possible_type
-                end
-              elsif type.kind.object?
-                # recurse into visible implemented interfaces
-                interfaces(type).each do |interface|
-                  unvisited_types << interface
-                end
+            elsif include_interface_possible_types
+              possible_types(type).each do |pt|
+                unvisited_types << pt
               end
+            end
+            # Don't visit interface possible types -- it's not enough to justify visibility
 
-              # recurse into visible fields
-              fields(type).each do |field|
-                field_type = field.type.unwrap
-                unvisited_types << field_type
-                # recurse into visible arguments
-                arguments(field).each do |argument|
-                  argument_type = argument.type.unwrap
-                  unvisited_types << argument_type
-                end
+            # recurse into visible fields
+            fields(type).each do |field|
+              field_type = field.type.unwrap
+              # In this case, if it's an interface, we want to include
+              visit_type(field_type, unvisited_types, visited_type_set, type_by_name_hash, included_interface_possible_types_set, include_interface_possible_types: true)
+              # recurse into visible arguments
+              arguments(field).each do |argument|
+                argument_type = argument.type.unwrap
+                unvisited_types << argument_type
               end
             end
           end
         end
-
-        @reachable_type_set
       end
     end
   end