search

exAspArk / graphql-guard

Simple authorization gem for GraphQL :lock:
MIT License
472 stars 36 forks source link

Does not seem to work with GraphQL::Execution::Interpreter #37

Closed tmikoss closed 4 years ago

tmikoss commented 4 years ago

graphql gem v1.10 adds GraphQL::Execution::Interpreter by default in newly generated schemas, and that somehow sidesteps graphql-guard. For example, with following configuration:

class MySchema < GraphQL::Schema
  query(Types::QueryType)

  # Opt in to the new runtime (default in future graphql-ruby versions)
  use(GraphQL::Execution::Interpreter)
  use(GraphQL::Analysis::AST)

  use(GraphQL::Guard.new)
end

module Types
  class QueryType < Types::BaseObject
    guard ->(obj, args, ctx) { false }
    field :current_user, UserType, null: false
  end
end

the query

query {
  currentUser {
    id
  }
}

is successful. After commenting out

  use(GraphQL::Execution::Interpreter)
  use(GraphQL::Analysis::AST)

block, the same query returns an error, as expected.

DanAndreasson commented 4 years ago

I have the same issue

ghost commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

tmikoss commented 4 years ago

Any suggestions where to start debugging this issue?

exAspArk commented 4 years ago

Hey guys,

This issue is related to this one https://github.com/exAspArk/graphql-guard/issues/28#issuecomment-511448728. I won't be adding support for the new Interpreter as long as the graphql gem has this feature in the experimental status:

image

I would like to avoid making unnecessary breaking changes from one graphql gem version to another. But feel free to open a PR if you want to contribute and help other people :)

tmikoss commented 4 years ago

Thanks for the update, makes sense. Had not noticed the Interpreter is still marked as experimental. Being included in generate graphql:install output made me sure it was the new default.

exAspArk commented 4 years ago

@tmikoss yeah, it was marked as experimental for a while now. Please wake me up once the Interpreter is stable :smile_cat:

imcvampire commented 4 years ago

Hi @exAspArk,

The latest version brings new runtime as a stable feature. Can you consider to update package?

Screen Shot 2020-03-15 at 10 22 51 PM
msroot commented 4 years ago

I have the same issue

Using:

graphql (1.10.4)
graphql-batch (0.4.2)
graphql (>= 1.3, < 2)
promise.rb (~> 0.7.2)
graphql-errors (0.4.0)
graphql (>= 1.6.0, < 2)
graphql-guard (1.3.1)
graphql (>= 1.6.0, < 2)
graphql-query-resolver (0.2.0)
graphql (~> 1.0, >= 1.0.0)
graphql-rails_logger (1.2.2)


class MyApiSchema < GraphQL::Schema
  mutation(Types::MutationType)
  query(Types::QueryType)

  # Opt in to the new runtime (default in future graphql-ruby versions)
  use GraphQL::Execution::Interpreter
  use GraphQL::Analysis::AST

  # Add built-in connections for pagination
  use GraphQL::Pagination::Connections

  use GraphQL::Batch
  use GraphQL::Guard.new(policy_object: GraphqlPolicy)  
end

It works when remove the 

use GraphQL::Execution::Interpreter
use GraphQL::Analysis::AST
exAspArk commented 4 years ago

I've finally made graphql-guard work with the latest graphql gem version and Interpreter. I'd appreciate if someone would like to give it a try https://github.com/exAspArk/graphql-guard/pull/39 😉 

# in your Gemfile
gem 'graphql-guard', github: 'exAspArk/graphql-guard', branch: 'graphql-interpreter'
exAspArk commented 4 years ago

Released a new version 2.0.0. More information in the Changelog.

Please let me know if there are any issues :)