Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better detection for when items were scoped? #4848

Open
rmosolgo opened this issue Feb 19, 2024 · 0 comments
Open

Better detection for when items were scoped? #4848

rmosolgo opened this issue Feb 19, 2024 · 0 comments
Milestone
3.0

Comments

@rmosolgo
Copy link
Owner

Currently, this library checks for whether or not items were scoped by using object equality:

graphql-ruby/lib/graphql/schema/field/scope_extension.rb

Lines 14 to 18 in b0d289e

if !scoped_items.equal?(value) && !ret_type.reauthorize_scoped_objects
if (current_runtime_state = Thread.current[:__graphql_runtime_info]) &&
(query_runtime_state = current_runtime_state[context.query])
query_runtime_state.was_authorized_by_scope_items = true
end

This works when scope_items really did something, but not if you want to skip authorization altogether. For example, if you've got a list of items from an external service, and you want to return them as-is, without scoping or authorization, you'd have to do this:

def self.scope_items(items, ctx)
  items.dup # Make a shallow copy so GraphQL-Ruby will know that we authorized this list
end

I bet there's a more robust way to implement this check (and maybe to implement the runtime metadata, too). I'm going to consider it for 3.0.
@rmosolgo rmosolgo added this to the 3.0 milestone Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0
Development

No branches or pull requests
1 participant
@rmosolgo