enterprise-1.5.4

rmosolgo · Oct 31, 2024 · 152a30a · 152a30a
1 parent 4625e59
commit 152a30a
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 1 deletion.
diff --git a/guides/object_cache/overview.md b/guides/object_cache/overview.md
@@ -29,7 +29,9 @@ This reduces latency for clients and reduces the load on your database and appli
 
 ## How
 
-Before running a query, `ObjectCache` creates a fingerprint for the query using {{ "GraphQL::Query#fingerprint" | api_doc }} and {% internal_link "`Schema.context_fingerprint_for(ctx)`", "/object_cache/schema_setup#context-fingerprint" %}. Then, it checks the backend for a cached response which matches the fingerprint. If a match is found, the `ObjectCache` fetches the objects previously visited by this query and compares their current fingerprints to the ones in the cache. If the fingerprints all match, then the cached response returned.
+Before running a query, `ObjectCache` creates a fingerprint for the query using {{ "GraphQL::Query#fingerprint" | api_doc }} and {% internal_link "`Schema.context_fingerprint_for(ctx)`", "/object_cache/schema_setup#context-fingerprint" %}. Then, it checks the backend for a cached response which matches the fingerprint.
+
+If a match is found, the `ObjectCache` fetches the objects previously visited by this query. Then, it compares the current fingerprint of each object ot the one in the cache and checks `.authorized?` for that object. If the fingerprints all match and all objects pass authorization checks, then the cached response returned. (Authorization checks can be {% internal_link "disabled", "/object_cache/schema_setup#disabling-reauthorization" %}.)
 
 If there is no cached response or if the fingerprints don't match, then the incoming query is re-evaluated. While it's executed, `ObjectCache` gathers the IDs and fingerprints of each object it encounters. When the query is done, the result and the new object fingerprints are written to the cache.
 

diff --git a/guides/object_cache/runtime_considerations.md b/guides/object_cache/runtime_considerations.md
@@ -55,6 +55,8 @@ pp result.context[:object_cache]
   messages: ["...", "..."],   # status messages about the cache's behavior
   objects: Set(...),          # application objects encountered during the query
   uncacheable: true,          # if ObjectCache found a reason that this query couldn't be cached (see `messages: ...` for reason)
+  reauthorized_cached_objects: true,
+                              # if `.authorized?` was checked for cached objects, see "Disabling Reauthorization"
 }
 ```
 

diff --git a/guides/object_cache/schema_setup.md b/guides/object_cache/schema_setup.md
@@ -98,3 +98,10 @@ end
 ```
 
 By returning a new `MySchema.fingerprint`, _all_ previously-cached results will be expired.
+
+## Disabling Reauthorization
+
+By default, `ObjectCache` checks `.authorized?` on each object before returning a cached result. However, if all authorization-related considerations are present in the object's cache fingerprint, then you can disable this check in two ways:
+
+- __per-query__, by passing `context: { reauthorize_cached_objects: false }`
+- __globally__, by configuring `use GraphQL::Enterprise::ObjectCache, ... reauthorize_cached_objects: false`
diff --git a/guides/pro/checksums/graphql-enterprise-1.5.4.txt b/guides/pro/checksums/graphql-enterprise-1.5.4.txt
@@ -0,0 +1 @@
+77201981e1495aa32181b36ca444b020860f83e6a29d8a749beca11cb02d4ca8e25fdfad8dea1c0365b8616661d39452de72d861f0460828db03151a627fb7ee
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		77201981e1495aa32181b36ca444b020860f83e6a29d8a749beca11cb02d4ca8e25fdfad8dea1c0365b8616661d39452de72d861f0460828db03151a627fb7ee