Merge pull request #3450 from eapache/patch-2

Robert Mosolgo · web-flow · commit 03c2bb696b43 · 2021-04-28T09:53:57.000-04:00
Respect directive visibility
diff --git a/lib/graphql/static_validation/rules/directives_are_defined.rb b/lib/graphql/static_validation/rules/directives_are_defined.rb
@@ -4,7 +4,7 @@ module StaticValidation
     module DirectivesAreDefined
       def initialize(*)
         super
-        @directive_names = context.schema.directives.keys
+        @directive_names = context.warden.directives.map(&:graphql_name)
       end
 
       def on_directive(node, parent)
diff --git a/spec/graphql/authorization_spec.rb b/spec/graphql/authorization_spec.rb
@@ -402,9 +402,17 @@ class Mutation < BaseObject
       field :do_unauthorized_stuff, mutation: DoUnauthorizedStuff
     end
 
+    class Nothing < GraphQL::Schema::Directive
+      locations(FIELD)
+      def self.visible?(ctx)
+        !!ctx[:show_nothing_directive]
+      end
+    end
+
     class Schema < GraphQL::Schema
       query(Query)
       mutation(Mutation)
+      directive(Nothing)
 
       lazy_resolve(Box, :value)
 
@@ -601,6 +609,14 @@ def auth_execute(*args, **kwargs)
       refute_includes restricted_sdl, 'Hidden'
       refute_includes restricted_sdl, 'hidden'
     end
+
+    it "works with directives" do
+      query_str = "{ __typename @nothing }"
+      visible_response = auth_execute(query_str, context: { show_nothing_directive: true })
+      assert_equal "Query", visible_response["data"]["__typename"]
+      hidden_response = auth_execute(query_str)
+      assert_equal ["Directive @nothing is not defined"], hidden_response["errors"].map { |e| e["message"] }
+    end
   end
 
   describe "applying the authorized? method" do
