Open Jotschi opened 5 years ago
Possible new type schema:
{
# New
content(path: "/MyContent.html") {
version
language
... on vehicle {
fields {
price
}
}
node {
uuid
}
}
content(uuid: "ca6c7df3f45b48d4ac7df3f45ba8d42f", lang: "en") {
version
language
... on vehicle {
fields {
price
}
}
node {
uuid
}
}
# Old
node(uuid: "ca6c7df3f45b48d4ac7df3f45ba8d42f") {
# This will always return the draft content
# since the type is hardcoded.
# The node itself has no type and thus it is
# not directly possible to choose a specific type.
node(lang: "fr") {
}
uuid
... on vehicle {
fields {
price
}
}
}
nodes {
elements {
uuid
... on vehicle {
fields {
price
}
}
}
}
}
Changes would be:
Name | Field | Breaking | Description |
---|---|---|---|
New content field | .content | No | UUID + Lang or Webroot Path yields Content |
- | .node | No | Only UUID yields Node (included for comparison) |
Node field in content | .content.node | No | Within a content it is possible to retrieve the parent node |
Deprecate .fields | .node.fields | ~ | This would be replaced with .content to get consistent naming |
Other fields may also be updated. See https://github.com/gentics/mesh/pull/1101 for a complete list of ways to load nodes/contents
Loading a node would only be possible when READ permission has been granted. Otherwise it is only possible to load contents. :warning: It is not possible to check READ_PUBLISHED permissions on a node. This permission can only be check when the context includes the content. The content can be DRAFT or PUBLISHED. This information is needed for the perm check.
:question: We could of course also define that READ_PUBLISHED grants read to NODES but forbids read on the actual published content. I think this would make more sense and reduce impact of the change.
The current domain model for nodes/content is inconsistent.
A node takes on multiple tasks which are also dynamic:
Results of this being
Listing nodes will be able to correctly check for
read_published
perm. This permission check will currently only work as expected when loading a single node. Loading a single node will in turn always target a specific content (branch, language). Loading a node list on the other hand will not check whether the content of the loaded node is published or not. The permission check and filter is only applied to nodes.GraphQL schema is inconsistent. A
NodeContent
can be aNode
and also aNodeGraphFieldContainer
.Relates to #119 , #499
Mitigation
read_published
perm is granted.Ideas