-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filters of @authorization
directive are not generated as WHERE
clauses for subqueries which match on the node for which these filters are defined.
#5534
Comments
Corresponding ZenDesk ticket here |
Hey @andreloeffelmann, I'm going to relabel this as a feature request, because this isn't intended to work this way - this would essentially be classed as something like a new operation |
Hey @darrellwarde, I see your point from a developer's perspective. If you see this as a So, from my point of view, I see the following solutions:
Either way, when do you think can we expect a solution on this? This is an internal high-prio case which I already reported via our enterprise support. |
Hey @darrellwarde , any news on this? Was hoping that this will be addressed in v6, but according to the docs it was not? |
Hey @andreloeffelmann, I totally missed your last message in September, my apologies!
I'm reading this issue over and over and I can't see how this would be related to this authorization feature request - the
We will have to talk about if and how we address this for Version 7 if it could be a breaking change. However, my view still stands that the authorization features of the library exist to control the reading (i.e. the return of data to consumers) and writing (i.e. database writes) through the API. The usage of the authorization features in this manner, to achieve some kind of "default filter", was never really the intended purpose of the feature. Our primary focus for this feature is that data is secure, which I still believe is the case with the state of things in this issue. This is not to say that we will not look at this, but just to offer some explanation as why this has not been looked at yet in this time where we have a bunch of high priority architectural changes to work on. |
Hey @darrellwarde, it is not about some kind of "default filter", it is about data being secure. given the type definitions above we insert 3
and we create the relation if we query for products like this: query{
products{
isEmpty
isPublic
}
} we get 2 Now we want to get the variants of each query{
products{
isEmpty
isPublic
variants{
isEmpty
isPublic
}
}
} and we get But now we want to get query{
products(where:{variantsAggregate:{count:1}}){
productId
variantsAggregate{
count
}
}
} We expect one I do not see why this is some kind of "default" filtering. The API does not produce consistent results. Hope I could explain the case better now? |
Describe the bug
When defining filters via the
@authorization
directive, these filters are not rendered asWHERE
clauses inside subqueries which match/reference on the (root)-node for which these filters are defined.Type definitions
To Reproduce
Steps to reproduce the behavior:
The generated query misses the authorization filters inside the subquery on the referenced
Product
node. The query should look like this (see 4th line):Expected behavior
Authorization filters from the
@authorization
directive should be generated asWHERE
clauses on all subqueries/queries which match on a node for which these filters are defined.System
The text was updated successfully, but these errors were encountered: