Domain Model for Nodes/Contents is inconsistent

Jotschi commented 5 years ago

The current domain model for nodes/content is inconsistent.

A node takes on multiple tasks which are also dynamic:

Being a container for contents
Being the content itself

Results of this being

Listing nodes will be able to correctly check for read_published perm. This permission check will currently only work as expected when loading a single node. Loading a single node will in turn always target a specific content (branch, language). Loading a node list on the other hand will not check whether the content of the loaded node is published or not. The permission check and filter is only applied to nodes.
GraphQL schema is inconsistent. A NodeContent can be a Node and also a NodeGraphFieldContainer.

Relates to #119 , #499

Mitigation

We could add extra filter steps for node list requests and filter out nodes that are not published if only the read_published perm is granted.

Ideas

Refactor the GraphQL and REST API and introduce concept of contents
Add dedicated GraphQL type for Content (NodeGraphFieldContainer)
Add dedicated NodeGraphFieldContainerRoot which must be used when iterating or add custom traversal which takes Node/NodeGraphFieldContainer relation (Published,Draft, Branch) into account.
Check whether permissions should be granted on NodeGraphFieldContainer as well or additionally.

Jotschi commented 3 years ago

Possible new type schema:

{
  # New
  content(path: "/MyContent.html") {
    version
    language
    ... on vehicle {
      fields {
        price     
      }
    }
    node {
      uuid
    }
  }

  content(uuid: "ca6c7df3f45b48d4ac7df3f45ba8d42f", lang: "en") {
     version
     language
     ... on vehicle {
     fields {
       price     
     }
    }
    node {
      uuid
    }
  }

  # Old
  node(uuid: "ca6c7df3f45b48d4ac7df3f45ba8d42f") {

    # This will always return the draft content
    # since the type is hardcoded.
    # The node itself has no type and thus it is
    # not directly possible to choose a specific type.
    node(lang: "fr") {

    }
    uuid
    ... on vehicle {
      fields {
        price
      }
    }
  }
  nodes {
    elements {
      uuid
      ... on vehicle {
        fields {
          price
        }
      }
    }
  }
}

Jotschi commented 3 years ago

Changes would be:

Name	Field	Breaking	Description
New content field	.content	No	UUID + Lang or Webroot Path yields Content
-	.node	No	Only UUID yields Node (included for comparison)
Node field in content	.content.node	No	Within a content it is possible to retrieve the parent node
Deprecate .fields	.node.fields	~	This would be replaced with .content to get consistent naming

Other fields may also be updated. See https://github.com/gentics/mesh/pull/1101 for a complete list of ways to load nodes/contents

Loading a node would only be possible when READ permission has been granted. Otherwise it is only possible to load contents. :warning: It is not possible to check READ_PUBLISHED permissions on a node. This permission can only be check when the context includes the content. The content can be DRAFT or PUBLISHED. This information is needed for the perm check.

:question: We could of course also define that READ_PUBLISHED grants read to NODES but forbids read on the actual published content. I think this would make more sense and reduce impact of the change.

gentics / mesh-incubator