maticzav / graphql-shield

🛡 A GraphQL tool to ease the creation of permission layer.

Home Page:https://graphql-shield.com


wildcard rules are not reusable

cainlevy opened this issue · comments

Bug report

  • I have checked other issues to make sure this is not a duplicate.

Describe the bug

Wildcard rules appear to not be reusable.

  1. For example, I might define a policy like const allowAll = { '*': allow } and try to use it for multiple types. This will not work.
  2. I might also try to define static permissions and then apply them to multiple server instances (in tests). This will not work.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. This is my GraphQL Schema.

type Query {
  book: Book!
  author: Author!
}

type Book {
  id: ID!
}

type Author {
  id: ID!
}

  2. This is the invoked query

query {
  book { id }
  author { id }
}

  3. I use these permissions

// graphql-shield exports used below
const { shield, allow, deny } = require('graphql-shield');

// One wildcard rule object, reused for every type
const allowAll = { '*': allow };
const permissions = shield({
  Query: allowAll,
  Book: allowAll,
  Author: allowAll,
}, { fallbackRule: deny });

  4. This is the error I see

Not authorised!

Expected behavior

Success

Actual behaviour

Authorization failure

Additional context

#1341 (comment)
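As an added illustration (not graphql-shield's own code, and not a statement about how the library is implemented), the following is a small stand-alone model of the semantics the report expects from a permission tree: rules are looked up by type name and field name, a `'*'` key acts as the type's wildcard, anything unmatched falls through to a deny-by-default fallback, and because lookup is by key rather than by object identity, the same `allowAll` object can be shared by several types. The `allow`, `deny`, `isAuthenticated` predicates, `resolveRule`, `isAllowed` and `checkIssueQuery` are constructed for this example.

```javascript
// Constructed model of a per-type permission tree with wildcard fields and a
// deny-by-default fallback. This is an independent illustration, not the
// graphql-shield implementation.

// Rules are plain predicates over the request context (constructed here).
const allow = () => true;
const deny = () => false;
const isAuthenticated = (ctx) => Boolean(ctx && ctx.user);

// Resolve the rule governing Type.field: exact field first, then the type's
// '*' wildcard, then the global fallback. Only keys matter, so one rule object
// may be shared by any number of types without changing the outcome.
function resolveRule(tree, typeName, fieldName, fallbackRule) {
  const typeRules = tree[typeName];
  if (!typeRules) return fallbackRule;
  if (Object.prototype.hasOwnProperty.call(typeRules, fieldName)) {
    return typeRules[fieldName];
  }
  if (Object.prototype.hasOwnProperty.call(typeRules, '*')) {
    return typeRules['*'];
  }
  return fallbackRule;
}

// A field is allowed only if its resolved rule returns exactly true;
// any other result (false, undefined, an error object) is treated as denial.
function isAllowed(tree, typeName, fieldName, ctx = {}, fallbackRule = deny) {
  return resolveRule(tree, typeName, fieldName, fallbackRule)(ctx) === true;
}

// Permission tree mirroring the issue: a single shared wildcard object.
const allowAll = { '*': allow };
const permissions = {
  Query: allowAll,
  Book: allowAll,
  Author: allowAll,
};

// A second tree mixing a per-field rule, a wildcard and a context-dependent rule.
const mixedPermissions = {
  Query: { book: allow, author: isAuthenticated },
  Book: allowAll,
  Mutation: { '*': isAuthenticated },
};

// Evaluate the field pairs touched by the issue's query:
// Query.book, Book.id, Query.author, Author.id.
function checkIssueQuery(tree, ctx = {}) {
  const fields = [
    ['Query', 'book'],
    ['Book', 'id'],
    ['Query', 'author'],
    ['Author', 'id'],
  ];
  return fields.map(([t, f]) => [`${t}.${f}`, isAllowed(tree, t, f, ctx)]);
}

// Stand-alone run: every field of the issue's query is allowed, and a type
// that is absent from the tree falls through to the deny fallback.
console.log(checkIssueQuery(permissions));
console.log('Secret.token allowed?', isAllowed(permissions, 'Secret', 'token'));
console.log('Mutation.createBook (anonymous)?', isAllowed(mixedPermissions, 'Mutation', 'createBook', {}));
console.log('Mutation.createBook (user)?', isAllowed(mixedPermissions, 'Mutation', 'createBook', { user: { id: 1 } }));
```

The point of the model is the shape of the expected outcome the report describes: with a shared `{ '*': allow }` on `Query`, `Book` and `Author` and `deny` as the fallback, the issue's query should succeed, while any type or field left out of the tree is denied.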

Hey @cainlevy 👋,

Thank you for opening an issue. We will get back to you as soon as we can. Have you seen our Open Collective page? Please consider contributing financially to our project. This will help us involve more contributors and get to issues like yours faster.

https://opencollective.com/graphql-shield

We offer priority support for all financial contributors. Don't forget to add priority label once you become one! 😄

I respect your push to get this library sponsored and I hope it's successful!

I'm having a tough time getting started because of this bug, however, plus some other usability concerns that I haven't been able to explore because of the investment I've sunk into debugging the library.

I'm getting exactly the same issue mentioned by @cainlevy; the weird thing is that it seems to run the resolver but still throws a "Not authorised" error.


This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.