You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In version 1.2.3, a bugfix was introduced to make relationships non-nullable if the foreign key column is non-nullable.
However due to RLS, it is possible that a non-nullable foreign key column produces a relationship that returns null.
My team recently faced this as we're building an access-control system that limits which entities a user can access. e.g. a user might have access to an entity with a non-nullable foreign key field subsystemId, but the administrator may disable view access to that specific subsystem. When performing the query:
...the user will receive subsystemId: "a5ff110a-4d69-4ea5-af83-d02086e9215f", but RLS prevents them from viewing the data on Subsystem:a5ff110a-4d69-4ea5-af83-d02086e9215f, resulting in the response:
Expected behavior
All GraphQL relationships should default to nullable, or a configuration setting should be provided to opt-in to nullable relationships by default.
The text was updated successfully, but these errors were encountered:
Default all fkey linked relations to to nullable when RLS is enabled
add a comment directive @graphql({"nullable": <bool>}) on columns and foreign keys (including comment directive foreign keys) to allow overriding the default
In version 1.2.3, a bugfix was introduced to make relationships non-nullable if the foreign key column is non-nullable.
However due to RLS, it is possible that a non-nullable foreign key column produces a relationship that returns
null
.My team recently faced this as we're building an access-control system that limits which entities a user can access. e.g. a user might have access to an entity with a non-nullable foreign key field
subsystemId
, but the administrator may disable view access to that specific subsystem. When performing the query:...the user will receive
subsystemId: "a5ff110a-4d69-4ea5-af83-d02086e9215f"
, but RLS prevents them from viewing the data onSubsystem:a5ff110a-4d69-4ea5-af83-d02086e9215f
, resulting in the response:Expected behavior
All GraphQL relationships should default to nullable, or a configuration setting should be provided to opt-in to nullable relationships by default.
The text was updated successfully, but these errors were encountered: