search

ChilliCream / graphql-platform

Welcome to the home of the Hot Chocolate GraphQL server for .NET, the Strawberry Shake GraphQL client for .NET and Banana Cake Pop the awesome Monaco based GraphQL IDE.
https://chillicream.com
MIT License
5.25k stars 745 forks source link

IObjectFieldDescriptor.Authorize ambiguity #5095

Open cphillips83 opened 2 years ago

cphillips83 commented 2 years ago

Is there an existing issue for this?

Describe the bug

When passing a single role param into the Authorize extension it selects a policy instead, but adding a 2nd string param will then select the role variation. This can lead to some confusing overload usage.

I think the optional param on the policy should be removed or params remove from the role variation so that its clear which overload is selected.

    {
        public static IObjectFieldDescriptor Authorize(this IObjectFieldDescriptor descriptor, string policy, ApplyPolicy apply = ApplyPolicy.BeforeResolver);
        public static IObjectFieldDescriptor Authorize(this IObjectFieldDescriptor descriptor, params string[] roles);
    }

Steps to reproduce

    public class UserType : ObjectType<User>
    {
        protected override void Configure(IObjectTypeDescriptor<User> descriptor)
        {
            base.Configure(descriptor);
            descriptor.Authorize();
            descriptor.Field(t => t.Password).Authorize("Admin");
        }
    }

Due to params string[] roles and string policy having a optional param, .NET matches the incorrect signature (unless you pass more than one param in).

My suggestion is to remove the optional param or remove params off the role variation.

Relevant log output

No response

Additional Context?

No response

Product

Hot Chocolate

Version

12.9.0

cphillips83 commented 2 years ago

Probably should have filed this under enhancement.