Only validate that object is a struct if it is scoped

.gitignore

@@ -8,3 +8,4 @@ erl_crash.dump
 *.beam
 /config/*.secret.exs
 .elixir_ls
+.DS_Store

lib/middlewares/object_scope_authorization.ex

@@ -112,9 +112,10 @@ defmodule Rajska.ObjectScopeAuthorization do
   end
 
   # Object
-  defp result(%{fields: fields, emitter: %{schema_node: schema_node} = emitter, root_value: %scope{} = root_value} = result, context) do
+  defp result(%{fields: fields, emitter: %{schema_node: schema_node} = emitter, root_value: root_value} = result, context) do
     type = Introspection.get_object_type(schema_node.type)
     scope_by = get_scope_by!(type)
+    scope = get_scope!(scope_by, result)
 
     default_rule = Rajska.apply_auth_mod(context, :default_rule)
     rule = Type.meta(type, :rule) || default_rule
@@ -125,12 +126,6 @@ defmodule Rajska.ObjectScopeAuthorization do
     end
   end
 
-  # Invalid object
-  defp result(%{emitter: %{schema_node: schema_node}, root_value: root_value}, _context) do
-    type = Introspection.get_object_type(schema_node.type)
-    raise "Expected a Struct for object #{inspect(type.identifier)}, got #{inspect(root_value)}"
-  end
-
   # List
   defp result(%{values: values} = result, context) do
     %{result | values: walk_result(values, context)}
@@ -160,6 +155,13 @@ defmodule Rajska.ObjectScopeAuthorization do
     end
   end
 
+  defp get_scope!(false, _result), do: false
+  defp get_scope!(_scope_by, %{root_value: %scope{}}), do: scope
+  defp get_scope!(_scope_by, %{emitter: %{schema_node: schema_node}, root_value: root_value}) do
+    type = Introspection.get_object_type(schema_node.type)
+    raise "Expected a Struct for object #{inspect(type.identifier)}, got #{inspect(root_value)}"
+  end
+
   defp authorized?(_scope, false, _values, _context, _, _object), do: true
 
   defp authorized?(scope, scope_field, values, context, rule, _object) do

test/middlewares/field_authorization_test.exs

@@ -69,6 +69,10 @@ defmodule Rajska.FieldAuthorizationTest do
       field :get_both_scopes, :both_scopes do
         resolve fn _args, _ -> {:ok, %{phone: "123456"}} end
       end
+
+      field :not_struct, :user do
+        resolve fn _args, _ -> {:ok, %{id: 1}} end
+      end
     end
 
     object :user do
@@ -183,6 +187,12 @@ defmodule Rajska.FieldAuthorizationTest do
     end
   end
 
+  test "Raises when source object is not a struct" do
+    assert_raise RuntimeError, ~r/Expected a Struct for source object in field \"phone\", got %{id: 1}/, fn ->
+      Absinthe.run(not_struct_query(), __MODULE__.Schema, context(:user, 2))
+    end
+  end
+
   defp get_user_query(id, is_email_public) do
     """
     {
@@ -217,5 +227,16 @@ defmodule Rajska.FieldAuthorizationTest do
     """
   end
 
+  defp not_struct_query do
+    """
+    {
+      notStruct {
+        name
+        phone
+      }
+    }
+    """
+  end
+
   defp context(role, id), do: [context: %{current_user: %{role: role, id: id}}]
 end