search

exAspArk / graphql-guard

Simple authorization gem for GraphQL :lock:
MIT License
471 stars 36 forks source link

Type-level guard taking higher priority than field-level #18

Closed pooja335 closed 6 years ago

pooja335 commented 6 years ago

Hi! I am trying to setup field-level and type-level permissioning, and I'm running to an issue where the type guard seems to have a higher priority than the field. Here is my code:

module Types
  ExampleType = GraphQL::ObjectType.define do
    name "Example"
    description "Example Description"

    implements GraphQL::Relay::Node.interface

    guard ->(obj, _args, context) { false }

    global_id_field :id
    field :weight, types.String
    field :pulse, types.String
    field :height do
      type types.String
      guard ->(obj, args, context) { true }

      resolve lambda {|obj, _args, _context|
        obj.height
      }
    end
  end
end

I'm not able to see any of the fields, including height, even though the guard returns true for height.

exAspArk commented 6 years ago

Hi @pooja335,

Which version of graphql gem do you use? I can't reproduce it with 1.7.14 or 1.8.5. Just in general here is how the code which detects the priority looks like (fields first, then type):

https://github.com/exAspArk/graphql-guard/blob/c8b379e182256ea4c2435272036ccaab4b57b4a9/lib/graphql/guard.rb#L49-L54

When you remove type-level guard, does it work?

exAspArk commented 6 years ago

Closing the issue, feel free to reopen if you have more details.