Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Type permissions with no explicit resolvers. #18

Closed
maticzav opened this issue Feb 21, 2018 · 1 comment
Closed

Type permissions with no explicit resolvers. #18

maticzav opened this issue Feb 21, 2018 · 1 comment
Milestone
2.0

Comments

@maticzav
Copy link
Owner

A bit of context, shield is meant to be a wrapper for resolvers. Currently, the two parameters it accepts are permissions and resolvers - I think that adding typeDefs as another argument makes everything unnecessarily more complex.

The problem is that since people often only define types in typeDefs but do not resolve them in resolvers (graphql manages this for them automatically behind the scenes). When generating resolvers from permissions, I cannot tell which resolvers might exist in the end since I can obtain only the keys in defined resolvers and permissions.

Let’s say, for example, that we have such schema and permissions…

type Query {
   text: String!
   list: [String!]!
   type: Type!
}

type Mutation {
   development: String!
}

type Type {
   property: String!
   properties: [String!]!
   hiddenProperty: String!
}

schema {
   query: Query,
   mutation: Mutation
}
const _permissions = {
   Query: () => true,
   Type: {
      property: () => true,
      properties: () => true
      // hiddenProperty should by default be blacklisted
   }
}

Now we have two options for resolving Type; first, resolving it only in Query and second, resolving it under Type. Taking the first approach the exact scenario occurs, since neither resolvers nor permissions define hiddenProperty key, shield cannot make a tree this deep and hiddenProperty query is always resolved.

const _resolvers = {
   Query: {
      text: () => 'simpletext',
      list: () => ['firsttext', 'secondtext', 'thirdtext'],
      type: () => ({
         property: 'typeproperty',
         properties: [
            'firsttypeproperty',
            'secondtypeproperty',
            'thirdtypeproperty'
         ],
         hiddenProperty: 'hiddentypeproperty'
      })
   },
   Mutation: {
      development: () => 'notpublic'
   },
}

On the other hand, the following works as expected.

const _resolvers = {
   Query: {
      text: () => 'simpletext',
      list: () => ['firsttext', 'secondtext', 'thirdtext'],
      type: () => ({})
   },
   Mutation: {
      development: () => 'notpublic'
   },
   Type: {
      property: () => 'typeproperty',
      properties: () => [
         'firsttypeproperty',
         'secondtypeproperty',
         'thirdtypeproperty'
      ],
      hiddenProperty: () => 'hiddentypeproperty'
   }
}
@maticzav maticzav added this to the 2.0 milestone Feb 21, 2018
@maticzav
Copy link
Owner Author

Replacing/adding resolvers parameter with typeDefs would probably fix the problem since we could extract all the resolvers from schema, but I am not sure whether this is the best approach...

const resolvers = shield(typeDefs, resolvers, permissions)

@maticzav maticzav mentioned this issue May 26, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0
Development

No branches or pull requests
1 participant
@maticzav