Auth rule fails to filter on field in type

JSPromisel · March 27, 2021, 1:29am

Report a GraphQL Bug

What edition and version of Dgraph are you using?

Edition:

SlashGraphQL
Dgraph (community edition/Dgraph Cloud)

If you are using the community edition or enterprise edition of Dgraph, please list the version:

Dgraph Version

$ dgraph version
 
PASTE YOUR RESULTS HERE

Have you tried reproducing the issue with the latest release?

Yes

Steps to reproduce the issue (paste the query/schema if possible)

I am trying to add auth rules with the auth token by following along the examples in the @auth directive docs. Specifically, I want to implement logic like this:

interface Post @auth(
    query: { rule: """
        query ($USER: String!) { 
            queryPost(filter: { author : { id: { eq: $USER } } } ) { 
                id 
            } 
        }"""
    }
){
  id: ID!
  text: String @search(by: [fulltext])
  datePublished: DateTime @search
  author: Author! 
}

This is how I implemented that in my schema:

type User implements IMetadata @auth(
    update: { rule: """
        query ($USER: String!) { 
            queryUser(filter: { email : { eq: $USER } } ) { 
                objectiveID
            } 
        }"""
    }
){
    objectiveID: ID!
    username: String! @search(by: [regexp])
    email: String! @id
    pollResponses: [PollResponse!] @hasInverse(field: voter)
}

...

type PollResponse implements IMetadata & IEntity @auth(
    update: { rule: """
        query ($USER: String!) { 
            queryPollResponse(filter: { voter: { email : { eq: $USER } } }) { 
                objectiveID
            } 
        }"""
    },
    add: { rule:  "{$isAuthenticated: { eq: \"true\" } }" }
){
    poll: Poll!
    voter: User!
}

Expected behaviour and actual result.

When I try to update my schema using the slash-graphql update-schema, I get the following error:

Error: resolving updateGQLSchema failed because Type PollResponse: @auth: failed to validate GraphQL rule [reason : Field "voter" is not defined by type PollResponseFilter.]

When I try the auth query in the api explorer in the Slash UI I get the same error. I am wondering what I might be missing here, I feel like I followed the example correctly. Do I need to have some configuration to have the filter generated to allow filtering by subfields?

Experience Report for Feature Request

Note: Feature requests are judged based on user experience and modeled on Go Experience Reports. These reports should focus on the problems: they should not focus on and need not propose solutions.

What you wanted to do

What you actually did

Why that wasn’t great, with examples

Any external references to support your case

amaster507 · March 27, 2021, 2:36am

JSPromisel:

type PollResponse implements IMetadata & IEntity @auth(
    update: { rule: """
        query ($USER: String!) { 
            queryPollResponse(filter: { voter: { email : { eq: $USER } } }) { 
                objectiveID
            } 
        }"""

This should be

query ($USER: String!) {
  queryPollResponse {
    voter(filter: { email: { eq: $USER } }) {
      id
    }
  }
}

JSPromisel · March 27, 2021, 5:03pm

Awesome that worked thanks! Seems like a typo in the docs then…

Topic		Replies	Views
@auth doesn't filter on ID Dgraph kind:bug	7	766	August 23, 2022
Auth rules seem to fail when using multiple queries in and / or construct GraphQL auth , dgraph , kind:bug	1	488	November 10, 2021
Trying to set a simple authorization rule but `filter` can't handle it Dgraph Cloud kind:question , auth , dgraph	2	546	February 7, 2022
Role based access control rules are not working in DGraph Cloud Dgraph Cloud graphql , auth , kind:bug	5	546	May 5, 2021
Slash Graphql Error on query GraphQL kind:question	14	813	August 28, 2020