graphql 2.3.7 → 2.4.5

data/lib/graphql/schema/visibility.rb

@@ -0,0 +1,294 @@
+# frozen_string_literal: true
+require "graphql/schema/visibility/profile"
+require "graphql/schema/visibility/migration"
+require "graphql/schema/visibility/visit"
+
+module GraphQL
+  class Schema
+    # Use this plugin to make some parts of your schema hidden from some viewers.
+    #
+    class Visibility
+      # @param schema [Class<GraphQL::Schema>]
+      # @param profiles [Hash<Symbol => Hash>] A hash of `name => context` pairs for preloading visibility profiles
+      # @param preload [Boolean] if `true`, load the default schema profile and all named profiles immediately (defaults to `true` for `Rails.env.production?`)
+      # @param migration_errors [Boolean] if `true`, raise an error when `Visibility` and `Warden` return different results
+      def self.use(schema, dynamic: false, profiles: EmptyObjects::EMPTY_HASH, preload: (defined?(Rails) ? Rails.env.production? : nil), migration_errors: false)
+        schema.visibility = self.new(schema, dynamic: dynamic, preload: preload, profiles: profiles, migration_errors: migration_errors)
+        if preload
+          schema.visibility.preload
+        end
+      end
+
+      def initialize(schema, dynamic:, preload:, profiles:, migration_errors:)
+        @schema = schema
+        schema.use_visibility_profile = true
+        schema.visibility_profile_class = if migration_errors
+          Visibility::Migration
+        else
+          Visibility::Profile
+        end
+        @preload = preload
+        @profiles = profiles
+        @cached_profiles = {}
+        @dynamic = dynamic
+        @migration_errors = migration_errors
+        # Top-level type caches:
+        @visit = nil
+        @interface_type_memberships = nil
+        @directives = nil
+        @types = nil
+        @all_references = nil
+        @loaded_all = false
+      end
+
+      def all_directives
+        load_all
+        @directives
+      end
+
+      def all_interface_type_memberships
+        load_all
+        @interface_type_memberships
+      end
+
+      def all_references
+        load_all
+        @all_references
+      end
+
+      def get_type(type_name)
+        load_all
+        @types[type_name]
+      end
+
+      def preload?
+        @preload
+      end
+
+      def preload
+        # Traverse the schema now (and in the *_configured hooks below)
+        # To make sure things are loaded during boot
+        @preloaded_types = Set.new
+        types_to_visit = [
+          @schema.query,
+          @schema.mutation,
+          @schema.subscription,
+          *@schema.introspection_system.types.values,
+          *@schema.introspection_system.entry_points.map { |ep| ep.type.unwrap },
+          *@schema.orphan_types,
+        ]
+        # Root types may have been nil:
+        types_to_visit.compact!
+        ensure_all_loaded(types_to_visit)
+        @profiles.each do |profile_name, example_ctx|
+          example_ctx[:visibility_profile] = profile_name
+          prof = profile_for(example_ctx, profile_name)
+          prof.all_types # force loading
+        end
+      end
+
+      # @api private
+      def query_configured(query_type)
+        if @preload
+          ensure_all_loaded([query_type])
+        end
+      end
+
+      # @api private
+      def mutation_configured(mutation_type)
+        if @preload
+          ensure_all_loaded([mutation_type])
+        end
+      end
+
+      # @api private
+      def subscription_configured(subscription_type)
+        if @preload
+          ensure_all_loaded([subscription_type])
+        end
+      end
+
+      # @api private
+      def orphan_types_configured(orphan_types)
+        if @preload
+          ensure_all_loaded(orphan_types)
+        end
+      end
+
+      # @api private
+      def introspection_system_configured(introspection_system)
+        if @preload
+          introspection_types = [
+            *@schema.introspection_system.types.values,
+            *@schema.introspection_system.entry_points.map { |ep| ep.type.unwrap },
+          ]
+          ensure_all_loaded(introspection_types)
+        end
+      end
+
+      # Make another Visibility for `schema` based on this one
+      # @return [Visibility]
+      # @api private
+      def dup_for(other_schema)
+        self.class.new(
+          other_schema,
+          dynamic: @dynamic,
+          preload: @preload,
+          profiles: @profiles,
+          migration_errors: @migration_errors
+        )
+      end
+
+      def migration_errors?
+        @migration_errors
+      end
+
+      attr_reader :cached_profiles
+
+      def profile_for(context, visibility_profile)
+        if !@profiles.empty?
+          if visibility_profile.nil?
+            if @dynamic
+              if context.is_a?(Query::NullContext)
+                top_level_profile
+              else
+                @schema.visibility_profile_class.new(context: context, schema: @schema)
+              end
+            elsif !@profiles.empty?
+              raise ArgumentError, "#{@schema} expects a visibility profile, but `visibility_profile:` wasn't passed. Provide a `visibility_profile:` value or add `dynamic: true` to your visibility configuration."
+            end
+          elsif !@profiles.include?(visibility_profile)
+            raise ArgumentError, "`#{visibility_profile.inspect}` isn't allowed for `visibility_profile:` (must be one of #{@profiles.keys.map(&:inspect).join(", ")}). Or, add `#{visibility_profile.inspect}` to the list of profiles in the schema definition."
+          else
+            @cached_profiles[visibility_profile] ||= @schema.visibility_profile_class.new(name: visibility_profile, context: context, schema: @schema)
+          end
+        elsif context.is_a?(Query::NullContext)
+          top_level_profile
+        else
+          @schema.visibility_profile_class.new(context: context, schema: @schema)
+        end
+      end
+
+      attr_reader :top_level
+
+      # @api private
+      attr_reader :unfiltered_interface_type_memberships
+
+      def top_level_profile(refresh: false)
+        if refresh
+          @top_level_profile = nil
+        end
+        @top_level_profile ||= @schema.visibility_profile_class.new(context: Query::NullContext.instance, schema: @schema)
+      end
+
+      private
+
+      def ensure_all_loaded(types_to_visit)
+        while (type = types_to_visit.shift)
+          if type.kind.fields? && @preloaded_types.add?(type)
+            type.all_field_definitions.each do |field_defn|
+              field_defn.ensure_loaded
+              types_to_visit << field_defn.type.unwrap
+            end
+          end
+        end
+        top_level_profile(refresh: true)
+        nil
+      end
+
+      def load_all(types: nil)
+        if @visit.nil?
+          # Set up the visit system
+          @interface_type_memberships = Hash.new { |h, interface_type| h[interface_type] = [] }.compare_by_identity
+          @directives = []
+          @types = {} # String => Module
+          @all_references = Hash.new { |h, member| h[member] = Set.new.compare_by_identity }.compare_by_identity
+          @unions_for_references = Set.new
+          @visit = Visibility::Visit.new(@schema) do |member|
+            if member.is_a?(Module)
+              type_name = member.graphql_name
+              if (prev_t = @types[type_name])
+                if prev_t.is_a?(Array)
+                  prev_t << member
+                else
+                  @types[type_name] = [member, prev_t]
+                end
+              else
+                @types[member.graphql_name] = member
+              end
+              member.directives.each { |dir| @all_references[dir.class] << member }
+              if member < GraphQL::Schema::Directive
+                @directives << member
+              elsif member.respond_to?(:interface_type_memberships)
+                member.interface_type_memberships.each do |itm|
+                  @all_references[itm.abstract_type] << member
+                  @interface_type_memberships[itm.abstract_type] << itm
+                end
+              elsif member < GraphQL::Schema::Union
+                @unions_for_references << member
+              end
+            elsif member.is_a?(GraphQL::Schema::Argument)
+              member.validate_default_value
+              @all_references[member.type.unwrap] << member
+              if !(dirs = member.directives).empty?
+                dir_owner = member.owner
+                if dir_owner.respond_to?(:owner)
+                  dir_owner = dir_owner.owner
+                end
+                dirs.each { |dir| @all_references[dir.class] << dir_owner }
+              end
+            elsif member.is_a?(GraphQL::Schema::Field)
+              @all_references[member.type.unwrap] << member
+              if !(dirs = member.directives).empty?
+                dir_owner = member.owner
+                dirs.each { |dir| @all_references[dir.class] << dir_owner }
+              end
+            elsif member.is_a?(GraphQL::Schema::EnumValue)
+              if !(dirs = member.directives).empty?
+                dir_owner = member.owner
+                dirs.each { |dir| @all_references[dir.class] << dir_owner }
+              end
+            end
+            true
+          end
+
+          @schema.root_types.each { |t| @all_references[t] << true }
+          @schema.introspection_system.types.each_value { |t| @all_references[t] << true }
+          @schema.directives.each_value { |dir_class| @all_references[dir_class] << true }
+
+          @visit.visit_each(types: []) # visit default directives
+        end
+
+        if types
+          @visit.visit_each(types: types, directives: [])
+        elsif @loaded_all == false
+          @loaded_all = true
+          @visit.visit_each
+        else
+          # already loaded all
+          return
+        end
+
+        # TODO: somehow don't iterate over all these,
+        # only the ones that may have been modified
+        @interface_type_memberships.each do |int_type, type_memberships|
+          referers = @all_references[int_type].select { |r| r.is_a?(GraphQL::Schema::Field) }
+          if !referers.empty?
+            type_memberships.each do |type_membership|
+              implementor_type = type_membership.object_type
+              # Add new items only:
+              @all_references[implementor_type] |= referers
+            end
+          end
+        end
+
+        @unions_for_references.each do |union_type|
+          refs = @all_references[union_type]
+          union_type.all_possible_types.each do |object_type|
+            @all_references[object_type] |= refs # Add new items
+          end
+        end
+      end
+    end
+  end
+end

data/lib/graphql/schema/warden.rb

@@ -19,6 +19,17 @@ module GraphQL
         PassThruWarden
       end
 
+      def self.types_from_context(context)
+        context.types || PassThruWarden
+      rescue NoMethodError
+        # this might be a hash which won't respond to #warden
+        PassThruWarden
+      end
+
+      def self.use(schema)
+        # no-op
+      end
+
       # @param visibility_method [Symbol] a Warden method to call for this entry
       # @param entry [Object, Array<Object>] One or more definitions for a given name in a GraphQL Schema
       # @param context [GraphQL::Query::Context]
@@ -61,23 +72,32 @@ module GraphQL
           def interface_type_memberships(obj_t, ctx); obj_t.interface_type_memberships; end
           def arguments(owner, ctx); owner.arguments(ctx); end
           def loadable?(type, ctx); type.visible?(ctx); end
+          def visibility_profile
+            @visibility_profile ||= Warden::VisibilityProfile.new(self)
+          end
         end
       end
 
       class NullWarden
         def initialize(_filter = nil, context:, schema:)
           @schema = schema
+          @visibility_profile = Warden::VisibilityProfile.new(self)
         end
 
+        # No-op, but for compatibility:
+        attr_writer :skip_warning
+
+        attr_reader :visibility_profile
+
         def visible_field?(field_defn, _ctx = nil, owner = nil); true; end
         def visible_argument?(arg_defn, _ctx = nil); true; end
         def visible_type?(type_defn, _ctx = nil); true; end
-        def visible_enum_value?(enum_value, _ctx = nil); true; end
+        def visible_enum_value?(enum_value, _ctx = nil); enum_value.visible?(Query::NullContext.instance); end
         def visible_type_membership?(type_membership, _ctx = nil); true; end
         def interface_type_memberships(obj_type, _ctx = nil); obj_type.interface_type_memberships; end
-        def get_type(type_name); @schema.get_type(type_name); end # rubocop:disable Development/ContextIsPassedCop
+        def get_type(type_name); @schema.get_type(type_name, Query::NullContext.instance, false); end # rubocop:disable Development/ContextIsPassedCop
         def arguments(argument_owner, ctx = nil); argument_owner.all_argument_definitions; end
-        def enum_values(enum_defn); enum_defn.enum_values; end # rubocop:disable Development/ContextIsPassedCop
+        def enum_values(enum_defn); enum_defn.enum_values(Query::NullContext.instance); end # rubocop:disable Development/ContextIsPassedCop
         def get_argument(parent_type, argument_name); parent_type.get_argument(argument_name); end # rubocop:disable Development/ContextIsPassedCop
         def types; @schema.types; end # rubocop:disable Development/ContextIsPassedCop
         def root_type_for_operation(op_name); @schema.root_type_for_operation(op_name); end
@@ -87,10 +107,88 @@ module GraphQL
         def reachable_type?(type_name); true; end
         def loadable?(type, _ctx); true; end
         def reachable_types; @schema.types.values; end # rubocop:disable Development/ContextIsPassedCop
-        def possible_types(type_defn); @schema.possible_types(type_defn); end
+        def possible_types(type_defn); @schema.possible_types(type_defn, Query::NullContext.instance, false); end
         def interfaces(obj_type); obj_type.interfaces; end
       end
 
+      def visibility_profile
+        @visibility_profile ||= VisibilityProfile.new(self)
+      end
+
+      class VisibilityProfile
+        def initialize(warden)
+          @warden = warden
+        end
+
+        def directives
+          @warden.directives
+        end
+
+        def directive_exists?(dir_name)
+          @warden.directives.any? { |d| d.graphql_name == dir_name }
+        end
+
+        def type(name)
+          @warden.get_type(name)
+        end
+
+        def field(owner, field_name)
+          @warden.get_field(owner, field_name)
+        end
+
+        def argument(owner, arg_name)
+          @warden.get_argument(owner, arg_name)
+        end
+
+        def query_root
+          @warden.root_type_for_operation("query")
+        end
+
+        def mutation_root
+          @warden.root_type_for_operation("mutation")
+        end
+
+        def subscription_root
+          @warden.root_type_for_operation("subscription")
+        end
+
+        def arguments(owner)
+          @warden.arguments(owner)
+        end
+
+        def fields(owner)
+          @warden.fields(owner)
+        end
+
+        def possible_types(type)
+          @warden.possible_types(type)
+        end
+
+        def enum_values(enum_type)
+          @warden.enum_values(enum_type)
+        end
+
+        def all_types
+          @warden.reachable_types
+        end
+
+        def interfaces(obj_type)
+          @warden.interfaces(obj_type)
+        end
+
+        def loadable?(t, ctx) # TODO remove ctx here?
+          @warden.loadable?(t, ctx)
+        end
+
+        def reachable_type?(type_name)
+          !!@warden.reachable_type?(type_name)
+        end
+
+        def visible_enum_value?(enum_value, ctx = nil)
+          @warden.visible_enum_value?(enum_value, ctx)
+        end
+      end
+
       # @param context [GraphQL::Query::Context]
       # @param schema [GraphQL::Schema]
       def initialize(context:, schema:)
@@ -100,17 +198,19 @@ module GraphQL
         @mutation = @schema.mutation
         @subscription = @schema.subscription
         @context = context
-        @visibility_cache = read_through { |m| schema.visible?(m, context) }
-        @visibility_cache.compare_by_identity
+        @visibility_cache = read_through { |m| check_visible(schema, m) }
         # Initialize all ivars to improve object shape consistency:
         @types = @visible_types = @reachable_types = @visible_parent_fields =
           @visible_possible_types = @visible_fields = @visible_arguments = @visible_enum_arrays =
           @visible_enum_values = @visible_interfaces = @type_visibility = @type_memberships =
           @visible_and_reachable_type = @unions = @unfiltered_interfaces =
-          @reachable_type_set =
+          @reachable_type_set = @visibility_profile =
             nil
+        @skip_warning = schema.plugins.any? { |(plugin, _opts)| plugin == GraphQL::Schema::Warden }
       end
 
+      attr_writer :skip_warning
+
       # @return [Hash<String, GraphQL::BaseType>] Visible types in the schema
       def types
         @types ||= begin
@@ -132,7 +232,7 @@ module GraphQL
       # @return [GraphQL::BaseType, nil] The type named `type_name`, if it exists (else `nil`)
       def get_type(type_name)
         @visible_types ||= read_through do |name|
-          type_defn = @schema.get_type(name, @context)
+          type_defn = @schema.get_type(name, @context, false)
           if type_defn && visible_and_reachable_type?(type_defn)
             type_defn
           else
@@ -179,7 +279,7 @@ module GraphQL
       # @return [Array<GraphQL::BaseType>] The types which may be member of `type_defn`
       def possible_types(type_defn)
         @visible_possible_types ||= read_through { |type_defn|
-          pt = @schema.possible_types(type_defn, @context)
+          pt = @schema.possible_types(type_defn, @context, false)
           pt.select { |t| visible_and_reachable_type?(t) }
         }
         @visible_possible_types[type_defn]
@@ -197,7 +297,7 @@ module GraphQL
       def arguments(argument_owner, ctx = nil)
         @visible_arguments ||= read_through { |o|
           args = o.arguments(@context)
-          if args.any?
+          if !args.empty?
             args = args.values
             args.select! { |a| visible_argument?(a, @context) }
             args
@@ -229,7 +329,7 @@ module GraphQL
       def interfaces(obj_type)
         @visible_interfaces ||= read_through { |t|
           ints = t.interfaces(@context)
-          if ints.any?
+          if !ints.empty?
             ints.select! { |i| visible_type?(i) }
           end
           ints
@@ -289,9 +389,9 @@ module GraphQL
           next true if root_type?(type_defn) || type_defn.introspection?
 
           if type_defn.kind.union?
-            possible_types(type_defn).any? && (referenced?(type_defn) || orphan_type?(type_defn))
+            !possible_types(type_defn).empty? && (referenced?(type_defn) || orphan_type?(type_defn))
           elsif type_defn.kind.interface?
-            if possible_types(type_defn).any?
+            if !possible_types(type_defn).empty?
               true
             else
               if @context.respond_to?(:logger) && (logger = @context.logger)
@@ -376,11 +476,61 @@ module GraphQL
       end
 
       def read_through
-        h = Hash.new { |h, k| h[k] = yield(k) }
-        h.compare_by_identity
-        h
+        Hash.new { |h, k| h[k] = yield(k) }.compare_by_identity
+      end
+
+      def check_visible(schema, member)
+        if schema.visible?(member, @context)
+          true
+        elsif @skip_warning
+          false
+        else
+          member_s = member.respond_to?(:path) ? member.path : member.inspect
+          member_type = case member
+          when Module
+            if member.respond_to?(:kind)
+              member.kind.name.downcase
+            else
+              ""
+            end
+          when GraphQL::Schema::Field
+            "field"
+          when GraphQL::Schema::EnumValue
+            "enum value"
+          when GraphQL::Schema::Argument
+            "argument"
+          else
+            ""
+          end
+
+          schema_s = schema.name ? "#{schema.name}'s" : ""
+          schema_name = schema.name ? "#{schema.name}" : "your schema"
+          warn(ADD_WARDEN_WARNING % { schema_s: schema_s, schema_name: schema_name, member: member_s, member_type: member_type })
+          @skip_warning = true # only warn once per query
+          # If there's no schema name, add the backtrace for additional context:
+          if schema_s == ""
+            puts caller.map { |l| "    #{l}"}
+          end
+          false
+        end
       end
 
+      ADD_WARDEN_WARNING = <<~WARNING
+DEPRECATION: %{schema_s} "%{member}" %{member_type} returned `false` for `.visible?` but `GraphQL::Schema::Visibility` isn't configured yet.
+
+  Address this warning by adding:
+
+      use GraphQL::Schema::Visibility
+
+  to the definition for %{schema_name}. (Future GraphQL-Ruby versions won't check `.visible?` methods by default.)
+
+  Alternatively, for legacy behavior, add:
+
+      use GraphQL::Schema::Warden # legacy visibility behavior
+
+  For more information see: https://graphql-ruby.org/authorization/visibility.html
+      WARNING
+
       def reachable_type_set
         return @reachable_type_set if @reachable_type_set