Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authorization checks not applied correctly for unions and interface #58

Open
hayes opened this issue Dec 21, 2021 · 2 comments
Open

Authorization checks not applied correctly for unions and interface #58

hayes opened this issue Dec 21, 2021 · 2 comments

Comments

@hayes
Copy link
Contributor

hayes commented Dec 21, 2021

Was just skimming through some of the code when I fixed the __typename issue and it looks like authorization rules on objects are ignored when the query resolved them through a union or interface. This seems like a pretty important case to cover. This would make any nodes in a relay style graph accessible without auth checks through the node or nodes queries.

@dimatill
Copy link
Contributor

dimatill commented Dec 21, 2021

@hayes thank you for opening the issue!

Just checked it and there are test cases for union and interface types, but you're right. Right now test cases only handle fields of union and interface types but there is an issue with rules attached to members of union or interface types themselves.

@JCMais
Copy link

JCMais commented Jun 19, 2024

is there a workaround for this atm? Or we have to patch the rules compiler so it properly builds the rule from the inline fragment?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants