-
-
Notifications
You must be signed in to change notification settings - Fork 9.2k
Description
Bug report
Required System information
- Node.js version: v14.19.1
- NPM version: 6.14.16
- Strapi version: 4.3.4
- Database: MySQL 8
- Operating system: MacOS
Describe the bug
I am using Strapi with the GraphQL plugin.
I would like to remove all of the queries and mutations that are generated related to plugins (e.g. users-permissions plugin).
I have seen from the docs that the way to remove operations from the schema is to do the following:
extensionService.shadowCRUD('api::category.category').disableQueries();
extensionService.shadowCRUD('api::address.address').disableMutations();I have the following code to remove operations related to the plugins:
extensionService
.shadowCRUD("plugin::users-permissions.role")
.disableQueries();
extensionService
.shadowCRUD("plugin::users-permissions.role")
.disableMutations();
extensionService
.shadowCRUD("plugin::users-permissions.user")
.disableQueries();
extensionService
.shadowCRUD("plugin::users-permissions.user")
.disableMutations();
extensionService.shadowCRUD("plugin::i18n.locale").disableQueries();
extensionService.shadowCRUD("plugin::upload.folder").disableQueries();
extensionService.shadowCRUD("plugin::upload.folder").disableMutations();
extensionService.shadowCRUD("plugin::upload.file").disableMutations();
extensionService.shadowCRUD("plugin::upload.file").disableQueries();This code successfully removes all queries (apart from 'me') from the schema. However, it does not remove all mutations.
Here is the original list of mutations without any exclusions:
- createUploadFile(...): UploadFileEntityResponse
- updateUploadFile(...): UploadFileEntityResponse
- deleteUploadFile(...): UploadFileEntityResponse
- createUploadFolder(...): UploadFolderEntityResponse
- updateUploadFolder(...): UploadFolderEntityResponse
- deleteUploadFolder(...): UploadFolderEntityResponse
- upload(...): UploadFileEntityResponse!
- multipleUpload(...): [UploadFileEntityResponse]!
- updateFileInfo(...): UploadFileEntityResponse!
- removeFile(...): UploadFileEntityResponse
- createUsersPermissionsRole(...): UsersPermissionsCreateRolePayload
- updateUsersPermissionsRole(...): UsersPermissionsUpdateRolePayload
- deleteUsersPermissionsRole(...): UsersPermissionsDeleteRolePayload
- createUsersPermissionsUser(...): UsersPermissionsUserEntityResponse!
- updateUsersPermissionsUser(...): UsersPermissionsUserEntityResponse!
- deleteUsersPermissionsUser(...): UsersPermissionsUserEntityResponse!
- login(...): UsersPermissionsLoginPayload!
- register(...): UsersPermissionsLoginPayload!
- forgotPassword(...): UsersPermissionsPasswordPayload
- resetPassword(...): UsersPermissionsLoginPayload
- changePassword(...): UsersPermissionsLoginPayload
- emailConfirmation(...): UsersPermissionsLoginPayload
The above code only removes the following mutations from the schema:
- createUploadFile(...): UploadFileEntityResponse
- updateUploadFile(...): UploadFileEntityResponse
- deleteUploadFile(...): UploadFileEntityResponse
- createUploadFolder(...): UploadFolderEntityResponse
- updateUploadFolder(...): UploadFolderEntityResponse
- deleteUploadFolder(...): UploadFolderEntityResponse
I cannot see why it removes some mutations related to files and folders, but not others. I also can't see why the code succeeds in removing queries relating to users-permissions, but not the mutations.
It could be that I just don't know how this works, but I've not been able to find any documentation related to removing operations related to plugins from the schema. The best I got was this SO question that as of yet has not had a proper answer. https://stackoverflow.com/questions/73331289/disable-graphql-queries-other-than-crud-in-strapi-v4
Anyway, it seems to me like it's behaving in a very inconsistent way, hence why I'm filing a bug report.
Steps to reproduce the behavior
Add the code above to src/index.ts.
Run Strapi and check out the schema in the GraphQL Playground - look for which operations have been excluded and which haven't.
Expected behavior
All operations related to the plugins would have been excluded.