wildcard rules are not reusable
cainlevy opened this issue · comments
Bug report
- I have checked other issues to make sure this is not a duplicate.
Describe the bug
Wildcard rules appear to not be reusable.
- For example, I might define a policy like
const allowAll = { '*': allow }
and try to use it for multiple types. This will not work. - I might also try to define static permissions and then apply them to multiple server instances (in tests). This will not work.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- This is my GraphQL Schema.
type Query {
book: Book!
author: Author!
}
type Book {
id: ID!
}
type Author {
id: ID!
}
- This is the invoked query
query {
book { id }
author { id }
}
- I use these permissions
const allowAll = { '*': allow };
const permissions = shield({
Query: allowAll,
Book: allowAll,
Author: allowAll,
}, { fallbackRule: deny })
- This is the error I see
Not authorised!
Expected behavior
Success
Actual behaviour
Authorization failure
Additional context
Hey @cainlevy 👋,
Thank you for opening an issue. We will get back to you as soon as we can. Have you seen our Open Collective page? Please consider contributing financially to our project. This will help us involve more contributors and get to issues like yours faster.
https://opencollective.com/graphql-shield
We offer
priority
support for all financial contributors. Don't forget to addpriority
label once you become one! 😄
I respect your push to get this library sponsored and I hope it's successful!
I'm having a tough time getting started because of this bug, however, plus some other usability concerns that I haven't been able to explore because of the investment I've sunk into debugging the library.
I'm getting exactly the same issue mentioned by @cainlevy, weird thing is that it seems to run the resolver but still throws "Not authorised" error.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.