-
-
Notifications
You must be signed in to change notification settings - Fork 722
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicit binding behavior dont work in v13 #5709
Comments
The binding behavior affects only Code-first types, such as |
@tobias-tengler seriously? Returning objects without a ObjectType will just auto bind everything? Also when i added We have a lot of resolver returning domain models where not all properties are intended for the client. + our EF contains a lot entities not intended for the client. Missing one For a reference. Downgrading the "graphql" template project from v13 to v12.6 (+ removing the QueryType attribute and registering the Query class using AddQuery) everything works as expected. Query, Book and Author have no fields. |
If you set the
I think the behavior before was a bug and the intention of this feature was to just apply to Code-first Types. But just to be sure: @michaelstaib the BindingBehavior should just work for Code-first Types, right? And it no longer "working" for Annotation-based is an intended breaking change we did this version? |
There will be a lot of security concerns of auto binding objects without |
That's true. But in a production application you should at least have a schema snapshot test to prevent exactly this from happening... |
How do you bind the |
Can you provide a minimal repro that shows your issue? |
Of course. I will publish a repro repo 👍 |
protected override ObjectTypeDefinition CreateDefinition(
ITypeDiscoveryContext context)
{
var descriptor = ObjectTypeDescriptor.New<T>(context.DescriptorContext);
_configure!(descriptor);
_configure = null;
// if the object type is inferred from a runtime time we will bind fields implicitly
// even if the schema building option are set to bind explicitly by default;
// otherwise we would end up with types that have no fields.
if (context.IsInferred)
{
descriptor.BindFieldsImplicitly();
}
return descriptor.CreateDefinition();
} During type initialization we now bind implicitly if the type was inferred. It might be that there is a bug with that ... once I have your reopro I will test what the issue is. |
@michaelstaib I have finally gotten around to create a repro repo https://github.com/jarlef/HotChocolateExplicitBinding |
I think its okay with ending up with a startup exceptions due to no fields defined (as it does for v12 and earlier) when running in explicit mode. There could however possible been an improvement to configuration of how binding is configured across types. E.g |
The train of thought we had was very different of how you use this. So, far we in discussions thought of the status quo kind of as a bug. But in your case you are forcing declaration with the errors. I will reflect on how we can reconcile both use-cases. |
So... we have discussed this quite a bit now and will rework this. Types with attributes will always bind implicitly since its an explicit decision in this case to bind implicit. Its equivalent to 'BindFieldsImplicitly()' on a type that overrides the default behavior. Types that however have no attribute will bind explicitly like before. While it could be desirable to have even more fine grained control over the type inference it becomes also all more complex. We will ship it with rc.5 and it feels quite well balanced now. |
Sounds good Looking forward to testing it out. 👍 |
Is there an existing issue for this?
Product
Hot Chocolate
Describe the bug
Changing
DefaultBindingBehavior
toBindingBehavior.Explicit
does not effect the behavior and all fields are bound implicit. I would expect that at least Author and Book type would have no fields bound and that a ObjecTypeDescriptor would be created defining the fields.Steps to reproduce
dotnet new graphql
Relevant log output
No response
Additional Context?
No response
Version
13.0.0-rc.1
The text was updated successfully, but these errors were encountered: