-
-
Notifications
You must be signed in to change notification settings - Fork 567
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v4] Regression: permission denied on function leads to data:null in response #563
Comments
Could you provide a minimal |
Here's my attempt to reproduce the issue; but Are you using the very latest v4? |
@benjie I also tried the latest version. The error only happens with missing grants: CREATE OR REPLACE FUNCTION public.test() RETURNS boolean LANGUAGE 'sql' AS $func$ SELECT true $func$;
REVOKE EXECUTE ON FUNCTION public.test() FROM PUBLIC; mutation regression {
test(input: {}) {
clientMutationId
boolean
}
}
|
@EyMaddis in v3, are you saying the If we change this at this point, it's a breaking change. Some people might be relying on the combination of errors and data:null to indicate specific failure reasons. |
If the behaviour between v3 and v4 differs then the v3 behaviour wins unless there's a good reason to change it. Every version bump of v4 alpha should be seen as a major bump - it's an alpha. Once it's at general availability we will be making schema changes breaking changes but we're not there yet. I've not decided which behaviour is the correct behaviour in this issue yet, haven't had time to look into it. I think it has to return the mutation payload field otherwise you cannot access the clientMutationId. |
@chadfurman in v3 it returns @benjie I would say that the v3 way is the correct one, as I could also query other information within one request. This either breaks with this behavior (did not verify this) or you have to use always check if |
I suspect what has happened here is that I've marked it as "non null" and thus GraphQL has cascaded the null upstream to the root, which is definitely not what we want. However; what I'd expect is to be able to get |
So I read the mutations spec and it doesn't really account for errors. I'm not sure what I've changed mutation payloads back to nullable which should solve this. |
Hi,
I found a regression when comparing v3 to v4, here is my test setup.
I blocked
DELETE
for tables, blockingdeleteUserById
and blocked execute for the functionremoveUserById
.The following tests are identical, except for the line highlighted with
FIXME
.The first test case does break with v3 with
AssertionError: expected { removeUserById: null } to deeply equal null
, which is the behavior I expected.The text was updated successfully, but these errors were encountered: