Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add skip and include support for fragment spreads and inline fragments #837

Merged
merged 10 commits into from
Jul 4, 2022
Merged

Add skip and include support for fragment spreads and inline fragments #837

merged 10 commits into from
Jul 4, 2022

Conversation

Shane32
Copy link
Member

@Shane32 Shane32 commented Jun 23, 2022
edited
Loading

Fixes the known issue in #803 where skipped fragments are still authenticated.

Because TypeInfo.GetRecursivelyReferencedFragments returns all recursively referenced fragments, not just ones that are not skipped, GetRecursivelyReferencedFragments was re-implemented here. It is mostly a copy of the code within GraphQL.NET, but it does call AuthorizationVisitorBase.SkipNode to determine if a node should be skipped, the same virtual method called by the rest of the authorization logic to determine if a node should be skipped.

Note that to meet spec, I believe that the existing validation rules in GraphQL.NET requires the existing behavior of GetRecursivelyReferencedFragments.

This PR mirrors Shane32/GraphQL.AspNetCore3#50 which includes tests.

Note: turn off “show whitespace differences” to reduce the diff in GitHub

@Shane32 Shane32 self-assigned this Jun 23, 2022
@Shane32 Shane32 requested a review from sungam3r June 23, 2022 03:50
@Shane32 Shane32 added this to the v7 milestone Jun 23, 2022
@Shane32
Copy link
Member Author

Shane32 commented Jun 23, 2022

If #838 is merged first, I'll add the tests that belong in here. If this is merged first, I'll update #838 with the additional tests for this change.

@Shane32
Copy link
Member Author

Shane32 commented Jun 24, 2022

@sungam3r I would like to merge this in before release of v7 to complete the authorization rule. If we decide to update GetRecursivelyReferencedFragments in the main GraphQL.NET project, the implementation is private and can be removed as a non-breaking change. As of now this entire project still references GraphQL.NET v5, although this will need to change eventually as INodeVisitor has changed signatures in GraphQL.NET v7.

@Shane32
Copy link
Member Author

Shane32 commented Jun 29, 2022

@sungam3r What's the ETA here?

@Shane32 Shane32 added the enhancement New feature or request label Jun 29, 2022
@sungam3r
Copy link
Member

I'm going to process email on the weekend.

@sungam3r
Copy link
Member

sungam3r commented Jul 3, 2022

If #838 is merged first, I'll add the tests that belong in here. If this is merged first, I'll update #838 with the additional tests for this change.

Let's merge #838 and I'll review this one (the last pending PR I think) some time after.

@Shane32
Copy link
Member Author

Shane32 commented Jul 3, 2022

If #838 is merged first, I'll add the tests that belong in here. If this is merged first, I'll update #838 with the additional tests for this change.

Let's merge #838 and I'll review this one (the last pending PR I think) some time after.

Anytime you're ready. #838 is merged and tests have been added here.

@codecov-commenter
Copy link

Codecov Report

Merging #837 (b3973bd) into develop (67c58ac) will increase coverage by 0.31%.
The diff coverage is 97.26%.

@@             Coverage Diff             @@
##           develop     #837      +/-   ##
===========================================
+ Coverage    85.43%   85.75%   +0.31%     
===========================================
  Files           60       61       +1     
  Lines         2239     2289      +50     
  Branches       366      375       +9     
===========================================
+ Hits          1913     1963      +50     
- Misses         273      274       +1     
+ Partials        53       52       -1
Impacted Files Coverage Δ
...ansports.AspNetCore/AuthorizationValidationRule.cs 100.00% <ø> (ø)
...onVisitorBase.GetRecursivelyReferencedFragments.cs 95.91% <95.91%> (ø)
.../Transports.AspNetCore/AuthorizationVisitorBase.cs 97.71% <100.00%> (+0.01%) ⬆️
src/Transports.AspNetCore/AuthorizationVisitor.cs 83.33% <0.00%> (+16.66%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 67c58ac...b3973bd. Read the comment docs.

sungam3r
sungam3r approved these changes Jul 4, 2022
View reviewed changes
Copy link
Member

@sungam3r sungam3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed. v7 is closer

@Shane32 Shane32 merged commit 84c96f7 into develop Jul 4, 2022
@Shane32 Shane32 deleted the fix_skip branch July 4, 2022 13:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sungam3r sungam3r sungam3r approved these changes

Assignees

@Shane32 Shane32

Labels
enhancement New feature or request
Projects
None yet
Milestone
v7
Development

Successfully merging this pull request may close these issues.
3 participants
@Shane32 @sungam3r @codecov-commenter