GraphQL: honor access control rules #1602
features/authorization/deny.feature
@@ -59,7 +58,7 @@ Feature: Authorization checking | |||
""" | |||
Then the response status code should be 201 | |||
|
|||
Scenario: An user retrieve cannot retrieve an item he doesn't own | |||
Scenario: An user retrieves cannot retrieve an item he doesn't own |
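Review bot: the renamed scenario title on the last line of this hunk still reads oddly ("An user retrieves cannot retrieve"); both the article and the doubled verb need fixing. Suggest `Scenario: A user cannot retrieve an item he doesn't own`.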
Better? A user cannot retrieve an item he doesn't own
@@ -65,6 +68,12 @@ public function __invoke(string $resourceClass = null, string $rootClass = null, | |||
} | |||
|
|||
$resourceMetadata = $this->resourceMetadataFactory->create($resourceClass); | |||
if (null !== $this->resourceAccessChecker) { |
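Review bot: the `if (null !== $this->resourceAccessChecker)` guard at the end of this hunk means that when no checker is injected the resolver runs with no access control at all, so whether GraphQL honors the access control rules depends entirely on the service wiring rather than on this code; consider making the dependency required, or at least documenting that a null checker disables the checks. Since the same block is also present in CollectionResolverFactory and ItemResolver according to the discussion, extracting it into one shared trait or service would keep the code paths from drifting apart.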
Shouldn't you put this in an abstract or a service? This is duplicated in CollectionResolverFactory.
And in ItemResolver.
I've moved this logic into a trait in the meantime.
/** | ||
* @expectedException \Symfony\Component\Security\Core\Exception\AccessDeniedException | ||
*/ | ||
public function testIsNotGranted() |
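Review bot: the `@expectedException` annotation on testIsNotGranted ties the expected exception to the whole method rather than to the call that should throw; prefer `$this->expectException(AccessDeniedException::class);` placed immediately before the call under test. That form also combines with the `@dataProvider` suggested in the discussion, since the expectation can be set conditionally from the dataset, which an annotation cannot.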
Use @dataProvider and remove the duplication?
You've done it below!
It should be done in the lowest branch or it will create merge conflicts later :(
And now the GraphQL subsystem is hooked in the authorization mechanism.
Next step: validation, and we'll be almost done!
TODO: