Closed khoi-fish closed 1 week ago
Same repo and reproduction steps as https://github.com/neo4j/graphql/issues/5497 but just a different mutation. Please let me know if anyone has issues reproducing the bug. Also, I will try to keep the AuraDB instance up and running this time lol
We've been able to confirm this bug using the steps to reproduce that you provided - many thanks @khoi-fish! :pray: We will now prioritise the bug and address it appropriately.
Minimal reproduction for testing:
No data required.
Type definitions:
type JWT @jwt {
roles: [String!]!
}
type User
@authorization(
validate: [
{ operations: [CREATE, DELETE], where: { jwt: { roles_INCLUDES: "admin" } } }
{ operations: [READ, UPDATE], where: { node: { id: "$jwt.sub" } } }
]
filter: [{ where: { node: { id: "$jwt.sub" } } }]
) {
id: ID!
cabinets: [Cabinet!]! @relationship(type: "HAS_CABINET", direction: OUT)
}
type Cabinet @authorization(filter: [{ where: { node: { user: { id: "$jwt.sub" } } } }]) {
id: ID! @id
categories: [Category!]! @relationship(type: "HAS_CATEGORY", direction: OUT)
user: User! @relationship(type: "HAS_CABINET", direction: IN)
}
type Category @authorization(filter: [{ where: { node: { cabinet: { user: { id: "$jwt.sub" } } } } }]) {
id: ID! @id
files: [File!]! @relationship(type: "HAS_FILE", direction: OUT)
cabinet: Cabinet! @relationship(type: "HAS_CATEGORY", direction: IN)
}
type File {
id: ID! @unique
category: Category @relationship(type: "HAS_FILE", direction: IN)
}
Mutation:
mutation {
deleteCategories(where: { id: "category-video" }) {
__typename
nodesDeleted
relationshipsDeleted
}
}
Error output:
{
"errors": [
{
"message": "Variable `this` not defined (line 9, column 8 (offset: 281))\n\"WHERE (this.id = $param1 AND ($isAuthenticated = true AND var2 = true))\"\n ^",
"locations": [
{
"line": 2,
"column": 3
}
],
"path": [
"deleteCategories"
],
"extensions": {
"code": "INTERNAL_SERVER_ERROR",
"stacktrace": [
"Neo4jError: Variable `this` not defined (line 9, column 8 (offset: 281))",
"\"WHERE (this.id = $param1 AND ($isAuthenticated = true AND var2 = true))\"",
" ^",
"",
" at captureStacktrace (/graphql/node_modules/neo4j-driver-core/lib/result.js:624:17)",
" at new Result (/graphql/node_modules/neo4j-driver-core/lib/result.js:112:23)",
" at newCompletedResult (/graphql/node_modules/neo4j-driver-core/lib/transaction.js:528:12)",
" at Object.run (/graphql/node_modules/neo4j-driver-core/lib/transaction.js:360:20)",
" at TransactionPromise.Transaction.run (/graphql/node_modules/neo4j-driver-core/lib/transaction.js:181:34)",
" at ManagedTransaction.run (/graphql/node_modules/neo4j-driver-core/lib/transaction-managed.js:54:21)",
" at Executor.transactionRun (/graphql/packages/graphql/src/classes/Executor.ts:297:28)",
" at /graphql/packages/graphql/src/classes/Executor.ts:274:33",
" at TransactionExecutor._safeExecuteTransactionWork (/graphql/node_modules/neo4j-driver-core/lib/internal/transaction-executor.js:211:26)",
" at TransactionExecutor.<anonymous> (/graphql/node_modules/neo4j-driver-core/lib/internal/transaction-executor.js:198:46)"
]
}
}
],
"data": null
}
Hi @khoi-fish
Thanks for your report. I'm terribly sorry that this keeps cropping up in different places. Bear with us as we keep patching these :pray:. Your reports are being really helpful on finding and testing these cases
No worries at all! Happy to help out 🙌
Describe the bug When a nested type contains auth rules, the underlying Cypher that's produced is invalid.
Minimal repo for reproduction: https://github.com/khoi-fish/neo4j-graphql-where-bug (used for a previous bug report, please ignore the naming)
Type definitions
(Note this can also be found under
src/types/index.ts
To Reproduce
https://github.com/khoi-fish/neo4j-graphql-where-bug
How to run dev mode
.env
file with the following contentsAll variables can be found under this project's Settings -> Secrets and variables -> Actions -> "Variables" tab
npm install
Run
npm run dev
a. (optional) Run
npm run dev:debug
to get Cypher outputReproducing the error
localhost:4000/graphql
Run the following mutation:
"Variable this not defined (line 9, column 8 ..."
Note that the delete operation works when auth rules are not defined.
Corresponding Cypher output:
Expected behavior
The category should be deleted and there should be no errors
Screenshot
System (please complete the following information):
Additional context Add any other context about the problem here.