-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
authorized? for GraphQL::Schema::EnumValue is not working #4825
Comments
Hey, thanks for reporting this. Did you find this documented somewhere? I didn't find it in the documentation and I don't see it addressed in the relevant spec (https://github.com/rmosolgo/graphql-ruby/blob/master/spec/graphql/authorization_spec.rb), so I think it was just never dreamed of! But we could definitely add it. My first thought on a place to add it would be to hook in here: graphql-ruby/lib/graphql/execution/interpreter/runtime.rb Lines 570 to 572 in 18f3ded
and here: graphql-ruby/lib/graphql/schema/argument.rb Lines 264 to 268 in 18f3ded
Which go here: graphql-ruby/lib/graphql/schema/enum.rb Lines 143 to 166 in 18f3ded
I think if those two methods ( Feel free to give it a try if you're interested, otherwise I'll keep this open and try to take a crack at it when I find time! |
@rmosolgo thank you for looking into this.
No, there is no documentation regarding this. I just looked around the source code and found that the enum value also has those methods ( |
Describe the bug
Hi! I found a bug regarding the authorization enum value.
According to source code, this class has the same authorization methods as argument, object, and field classes. But is for EnumValue method
authorized?
not working.Versions
graphql
version: 2.2.7rails
: 7.1.3Code example
Steps to reproduce
Use the code above.
Expected behavior
It works in the same way as for fields, objects, and arguments and denies access to all denied enum values.
Actual behavior
It ignores
def authorized?(_ctx); false; end
method, and even does not stop in there if put debugger to the method.The text was updated successfully, but these errors were encountered: