graphql 2.3.18 → 2.4.1

data/lib/graphql/schema/visibility/{subset.rb → profile.rb}

@@ -11,26 +11,28 @@ module GraphQL
       # - It doesn't use {Schema}'s top-level caches (eg {Schema.references_to}, {Schema.possible_types}, {Schema.types})
       # - It doesn't hide Interface or Union types when all their possible types are hidden. (Instead, those types should implement `.visible?` to hide in that case.)
       # - It checks `.visible?` on root introspection types
-      #
-      # In the future, {Subset} will support lazy-loading types as needed during execution and multi-request caching of subsets.
-      class Subset
-        # @return [Schema::Visibility::Subset]
+      # - It can be used to cache profiles by name for re-use across queries
+      class Profile
+        # @return [Schema::Visibility::Profile]
         def self.from_context(ctx, schema)
           if ctx.respond_to?(:types) && (types = ctx.types).is_a?(self)
             types
           else
-            # TODO use a cached instance from the schema
-            self.new(context: ctx, schema: schema)
+            schema.visibility.profile_for(ctx, nil)
           end
         end
 
-        def self.pass_thru(context:, schema:)
-          subset = self.new(context: context, schema: schema)
-          subset.instance_variable_set(:@cached_visible, Hash.new { |h,k| h[k] = true })
-          subset
+        def self.null_profile(context:, schema:)
+          profile = self.new(name: "NullProfile", context: context, schema: schema)
+          profile.instance_variable_set(:@cached_visible, Hash.new { |k, v| k[v] = true }.compare_by_identity)
+          profile
         end
 
-        def initialize(context:, schema:)
+        # @return [Symbol, nil]
+        attr_reader :name
+
+        def initialize(name: nil, context:, schema:)
+          @name = name
           @context = context
           @schema = schema
           @all_types = {}
@@ -67,6 +69,7 @@ module GraphQL
           @cached_visible_arguments = Hash.new do |h, arg|
             h[arg] = if @cached_visible[arg] && (arg_type = arg.type.unwrap) && @cached_visible[arg_type]
               add_type(arg_type, arg)
+              arg.validate_default_value
               true
             else
               false
@@ -120,7 +123,7 @@ module GraphQL
           end.compare_by_identity
 
           @cached_enum_values = Hash.new do |h, enum_t|
-            values = non_duplicate_items(enum_t.all_enum_value_definitions, @cached_visible)
+            values = non_duplicate_items(enum_t.enum_values(@context), @cached_visible)
             if values.size == 0
               raise GraphQL::Schema::Enum::MissingValuesError.new(enum_t)
             end
@@ -324,6 +327,10 @@ module GraphQL
           !!@all_types[name]
         end
 
+        def visible_enum_value?(enum_value, _ctx = nil)
+          @cached_visible[enum_value]
+        end
+
         private
 
         def add_if_visible(t)
@@ -403,8 +410,9 @@ module GraphQL
 
           @unfiltered_interface_type_memberships = Hash.new { |h, k| h[k] = [] }.compare_by_identity
           @add_possible_types = Set.new
+          @late_types = []
 
-          while @unvisited_types.any?
+          while @unvisited_types.any? || @late_types.any?
             while t = @unvisited_types.pop
               # These have already been checked for `.visible?`
               visit_type(t)
@@ -418,6 +426,12 @@ module GraphQL
               end
             end
             @add_possible_types.clear
+
+            while (union_tm = @late_types.shift)
+              late_obj_t = union_tm.object_type
+              obj_t = @all_types[late_obj_t.graphql_name] || raise("Failed to resolve #{late_obj_t.graphql_name.inspect} from #{union_tm.inspect}")
+              union_tm.abstract_type.assign_type_membership_object_type(obj_t)
+            end
           end
 
           @all_types.delete_if { |type_name, type_defn| !referenced?(type_defn) }
@@ -470,12 +484,16 @@ module GraphQL
             type.type_memberships.each do |tm|
               if @cached_visible[tm]
                 obj_t = tm.object_type
-                if obj_t.is_a?(String)
-                  obj_t = Member::BuildType.constantize(obj_t)
-                  tm.object_type = obj_t
-                end
-                if @cached_visible[obj_t]
-                  add_type(obj_t, tm)
+                if obj_t.is_a?(GraphQL::Schema::LateBoundType)
+                  @late_types << tm
+                else
+                  if obj_t.is_a?(String)
+                    obj_t = Member::BuildType.constantize(obj_t)
+                    tm.object_type = obj_t
+                  end
+                  if @cached_visible[obj_t]
+                    add_type(obj_t, tm)
+                  end
                 end
               end
             end

data/lib/graphql/schema/visibility.rb

@@ -1,28 +1,73 @@
 # frozen_string_literal: true
-require "graphql/schema/visibility/subset"
+require "graphql/schema/visibility/profile"
 require "graphql/schema/visibility/migration"
 
 module GraphQL
   class Schema
+    # Use this plugin to make some parts of your schema hidden from some viewers.
+    #
     class Visibility
-      def self.use(schema, preload: nil, migration_errors: false)
-        schema.visibility = self.new(schema, preload: preload)
-        schema.use_schema_visibility = true
+      # @param schema [Class<GraphQL::Schema>]
+      # @param profiles [Hash<Symbol => Hash>] A hash of `name => context` pairs for preloading visibility profiles
+      # @param preload [Boolean] if `true`, load the default schema profile and all named profiles immediately (defaults to `true` for `Rails.env.production?`)
+      # @param migration_errors [Boolean] if `true`, raise an error when `Visibility` and `Warden` return different results
+      def self.use(schema, dynamic: false, profiles: EmptyObjects::EMPTY_HASH, preload: (defined?(Rails) ? Rails.env.production? : nil), migration_errors: false)
+        schema.visibility = self.new(schema, dynamic: dynamic, preload: preload, profiles: profiles, migration_errors: migration_errors)
+      end
+
+      def initialize(schema, dynamic:, preload:, profiles:, migration_errors:)
+        @schema = schema
+        schema.use_visibility_profile = true
         if migration_errors
-          schema.subset_class = Migration
+          schema.visibility_profile_class = Migration
+        end
+        @profiles = profiles
+        @cached_profiles = {}
+        @dynamic = dynamic
+        @migration_errors = migration_errors
+        if preload
+          profiles.each do |profile_name, example_ctx|
+            example_ctx[:visibility_profile] = profile_name
+            prof = profile_for(example_ctx, profile_name)
+            prof.all_types # force loading
+          end
         end
       end
 
-      def initialize(schema, preload:)
-        @schema = schema
-        @cached_subsets = {}
+      # Make another Visibility for `schema` based on this one
+      # @return [Visibility]
+      # @api private
+      def dup_for(other_schema)
+        self.class.new(
+          other_schema,
+          dynamic: @dynamic,
+          preload: @preload,
+          profiles: @profiles,
+          migration_errors: @migration_errors
+        )
+      end
 
-        if preload.nil? && defined?(Rails) && Rails.env.production?
-          preload = true
-        end
+      def migration_errors?
+        @migration_errors
+      end
 
-        if preload
+      attr_reader :cached_profiles
 
+      def profile_for(context, visibility_profile)
+        if @profiles.any?
+          if visibility_profile.nil?
+            if @dynamic
+              @schema.visibility_profile_class.new(context: context, schema: @schema)
+            elsif @profiles.any?
+              raise ArgumentError, "#{@schema} expects a visibility profile, but `visibility_profile:` wasn't passed. Provide a `visibility_profile:` value or add `dynamic: true` to your visibility configuration."
+            end
+          elsif !@profiles.include?(visibility_profile)
+            raise ArgumentError, "`#{visibility_profile.inspect}` isn't allowed for `visibility_profile:` (must be one of #{@profiles.keys.map(&:inspect).join(", ")}). Or, add `#{visibility_profile.inspect}` to the list of profiles in the schema definition."
+          else
+            @cached_profiles[visibility_profile] ||= @schema.visibility_profile_class.new(name: visibility_profile, context: context, schema: @schema)
+          end
+        else
+          @schema.visibility_profile_class.new(context: context, schema: @schema)
         end
       end
     end

data/lib/graphql/schema/warden.rb

@@ -19,6 +19,17 @@ module GraphQL
         PassThruWarden
       end
 
+      def self.types_from_context(context)
+        context.types || PassThruWarden
+      rescue NoMethodError
+        # this might be a hash which won't respond to #warden
+        PassThruWarden
+      end
+
+      def self.use(schema)
+        # no-op
+      end
+
       # @param visibility_method [Symbol] a Warden method to call for this entry
       # @param entry [Object, Array<Object>] One or more definitions for a given name in a GraphQL Schema
       # @param context [GraphQL::Query::Context]
@@ -61,8 +72,8 @@ module GraphQL
           def interface_type_memberships(obj_t, ctx); obj_t.interface_type_memberships; end
           def arguments(owner, ctx); owner.arguments(ctx); end
           def loadable?(type, ctx); type.visible?(ctx); end
-          def schema_subset
-            @schema_subset ||= Warden::SchemaSubset.new(self)
+          def visibility_profile
+            @visibility_profile ||= Warden::VisibilityProfile.new(self)
           end
         end
       end
@@ -70,27 +81,23 @@ module GraphQL
       class NullWarden
         def initialize(_filter = nil, context:, schema:)
           @schema = schema
-          @schema_subset = Warden::SchemaSubset.new(self)
+          @visibility_profile = Warden::VisibilityProfile.new(self)
         end
 
-        # @api private
-        module NullSubset
-          def self.new(context:, schema:)
-            NullWarden.new(context: context, schema: schema).schema_subset
-          end
-        end
+        # No-op, but for compatibility:
+        attr_writer :skip_warning
 
-        attr_reader :schema_subset
+        attr_reader :visibility_profile
 
         def visible_field?(field_defn, _ctx = nil, owner = nil); true; end
         def visible_argument?(arg_defn, _ctx = nil); true; end
         def visible_type?(type_defn, _ctx = nil); true; end
-        def visible_enum_value?(enum_value, _ctx = nil); true; end
+        def visible_enum_value?(enum_value, _ctx = nil); enum_value.visible?(Query::NullContext.instance); end
         def visible_type_membership?(type_membership, _ctx = nil); true; end
         def interface_type_memberships(obj_type, _ctx = nil); obj_type.interface_type_memberships; end
-        def get_type(type_name); @schema.get_type(type_name); end # rubocop:disable Development/ContextIsPassedCop
+        def get_type(type_name); @schema.get_type(type_name, Query::NullContext.instance, false); end # rubocop:disable Development/ContextIsPassedCop
         def arguments(argument_owner, ctx = nil); argument_owner.all_argument_definitions; end
-        def enum_values(enum_defn); enum_defn.enum_values; end # rubocop:disable Development/ContextIsPassedCop
+        def enum_values(enum_defn); enum_defn.enum_values(Query::NullContext.instance); end # rubocop:disable Development/ContextIsPassedCop
         def get_argument(parent_type, argument_name); parent_type.get_argument(argument_name); end # rubocop:disable Development/ContextIsPassedCop
         def types; @schema.types; end # rubocop:disable Development/ContextIsPassedCop
         def root_type_for_operation(op_name); @schema.root_type_for_operation(op_name); end
@@ -100,15 +107,15 @@ module GraphQL
         def reachable_type?(type_name); true; end
         def loadable?(type, _ctx); true; end
         def reachable_types; @schema.types.values; end # rubocop:disable Development/ContextIsPassedCop
-        def possible_types(type_defn); @schema.possible_types(type_defn); end
+        def possible_types(type_defn); @schema.possible_types(type_defn, Query::NullContext.instance, false); end
         def interfaces(obj_type); obj_type.interfaces; end
       end
 
-      def schema_subset
-        @schema_subset ||= SchemaSubset.new(self)
+      def visibility_profile
+        @visibility_profile ||= VisibilityProfile.new(self)
       end
 
-      class SchemaSubset
+      class VisibilityProfile
         def initialize(warden)
           @warden = warden
         end
@@ -176,6 +183,10 @@ module GraphQL
         def reachable_type?(type_name)
           !!@warden.reachable_type?(type_name)
         end
+
+        def visible_enum_value?(enum_value, ctx = nil)
+          @warden.visible_enum_value?(enum_value, ctx)
+        end
       end
 
       # @param context [GraphQL::Query::Context]
@@ -187,16 +198,19 @@ module GraphQL
         @mutation = @schema.mutation
         @subscription = @schema.subscription
         @context = context
-        @visibility_cache = read_through { |m| schema.visible?(m, context) }
+        @visibility_cache = read_through { |m| check_visible(schema, m) }
         # Initialize all ivars to improve object shape consistency:
         @types = @visible_types = @reachable_types = @visible_parent_fields =
           @visible_possible_types = @visible_fields = @visible_arguments = @visible_enum_arrays =
           @visible_enum_values = @visible_interfaces = @type_visibility = @type_memberships =
           @visible_and_reachable_type = @unions = @unfiltered_interfaces =
-          @reachable_type_set = @schema_subset =
+          @reachable_type_set = @visibility_profile =
             nil
+        @skip_warning = schema.plugins.any? { |(plugin, _opts)| plugin == GraphQL::Schema::Warden }
       end
 
+      attr_writer :skip_warning
+
       # @return [Hash<String, GraphQL::BaseType>] Visible types in the schema
       def types
         @types ||= begin
@@ -218,7 +232,7 @@ module GraphQL
       # @return [GraphQL::BaseType, nil] The type named `type_name`, if it exists (else `nil`)
       def get_type(type_name)
         @visible_types ||= read_through do |name|
-          type_defn = @schema.get_type(name, @context)
+          type_defn = @schema.get_type(name, @context, false)
           if type_defn && visible_and_reachable_type?(type_defn)
             type_defn
           else
@@ -265,7 +279,7 @@ module GraphQL
       # @return [Array<GraphQL::BaseType>] The types which may be member of `type_defn`
       def possible_types(type_defn)
         @visible_possible_types ||= read_through { |type_defn|
-          pt = @schema.possible_types(type_defn, @context)
+          pt = @schema.possible_types(type_defn, @context, false)
           pt.select { |t| visible_and_reachable_type?(t) }
         }
         @visible_possible_types[type_defn]
@@ -465,6 +479,58 @@ module GraphQL
         Hash.new { |h, k| h[k] = yield(k) }.compare_by_identity
       end
 
+      def check_visible(schema, member)
+        if schema.visible?(member, @context)
+          true
+        elsif @skip_warning
+          false
+        else
+          member_s = member.respond_to?(:path) ? member.path : member.inspect
+          member_type = case member
+          when Module
+            if member.respond_to?(:kind)
+              member.kind.name.downcase
+            else
+              ""
+            end
+          when GraphQL::Schema::Field
+            "field"
+          when GraphQL::Schema::EnumValue
+            "enum value"
+          when GraphQL::Schema::Argument
+            "argument"
+          else
+            ""
+          end
+
+          schema_s = schema.name ? "#{schema.name}'s" : ""
+          schema_name = schema.name ? "#{schema.name}" : "your schema"
+          warn(ADD_WARDEN_WARNING % { schema_s: schema_s, schema_name: schema_name, member: member_s, member_type: member_type })
+          @skip_warning = true # only warn once per query
+          # If there's no schema name, add the backtrace for additional context:
+          if schema_s == ""
+            puts caller.map { |l| "    #{l}"}
+          end
+          false
+        end
+      end
+
+      ADD_WARDEN_WARNING = <<~WARNING
+DEPRECATION: %{schema_s} "%{member}" %{member_type} returned `false` for `.visible?` but `GraphQL::Schema::Visibility` isn't configured yet.
+
+  Address this warning by adding:
+
+      use GraphQL::Schema::Visibility
+
+  to the definition for %{schema_name}. (Future GraphQL-Ruby versions won't check `.visible?` methods by default.)
+
+  Alternatively, for legacy behavior, add:
+
+      use GraphQL::Schema::Warden # legacy visibility behavior
+
+  For more information see: https://graphql-ruby.org/authorization/visibility.html
+      WARNING
+
       def reachable_type_set
         return @reachable_type_set if @reachable_type_set