Merge pull request #4442 from rmosolgo/bypass-warden

Make a way to bypass type visibility

Author: rmosolgo

guides/authorization/visibility.md

@@ -93,3 +93,17 @@ end
 ```
 
 For this to work, the base argument class must be {% internal_link "configured with other GraphQL types", "/type_definitions/extensions.html#customizing-arguments" %}.
+
+## Opting Out
+
+By default, GraphQL-Ruby always runs visibility checks. You can opt out of this by adding to your schema class:
+
+```ruby
+class MySchema < GraphQL::Schema
+  # ...
+  # Opt out of GraphQL-Ruby's visibility feature:
+  use GraphQL::Schema::AlwaysVisible
+end
+```
+
+For big schemas, this can be a worthwhile speed-up.

lib/graphql/language/document_from_schema_definition.rb

@@ -36,7 +36,10 @@ def initialize(
               context: schema_context,
             )
         else
-          GraphQL::Schema::Warden.new(schema: @schema, context: schema_context)
+          @schema.warden_class.new(
+            schema: @schema,
+            context: schema_context,
+          )
         end
 
         schema_context.warden = @warden

lib/graphql/query.rb

@@ -385,7 +385,7 @@ def find_operation(operations, operation_name)
 
     def prepare_ast
       @prepared_ast = true
-      @warden ||= GraphQL::Schema::Warden.new(@filter, schema: @schema, context: @context)
+      @warden ||= @schema.warden_class.new(@filter, schema: @schema, context: @context)
       parse_error = nil
       @document ||= begin
         if query_string

lib/graphql/query/null_context.rb

@@ -3,14 +3,6 @@ module GraphQL
   class Query
     # This object can be `ctx` in places where there is no query
     class NullContext
-      class NullWarden < GraphQL::Schema::Warden
-        def visible_field?(field, ctx); true; end
-        def visible_argument?(arg, ctx); true; end
-        def visible_type?(type, ctx); true; end
-        def visible_enum_value?(ev, ctx); true; end
-        def visible_type_membership?(tm, ctx); true; end
-      end
-
       class NullQuery
         def after_lazy(value)
           yield(value)
@@ -29,11 +21,7 @@ def initialize
         @query = NullQuery.new
         @dataloader = GraphQL::Dataloader::NullDataloader.new
         @schema = NullSchema
-        @warden = NullWarden.new(
-          GraphQL::Filter.new(silence_deprecation_warning: true),
-          context: self,
-          schema: @schema,
-        )
+        @warden = Schema::Warden::NullWarden.new(context: self, schema: @schema)
       end
 
       def interpreter?

lib/graphql/schema.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 require "graphql/schema/addition"
+require "graphql/schema/always_visible"
 require "graphql/schema/base_64_encoder"
 require "graphql/schema/find_inherited_value"
 require "graphql/schema/finder"
@@ -420,6 +421,18 @@ def root_types
         @root_types
       end
 
+      def warden_class
+        if defined?(@warden_class)
+          @warden_class
+        elsif superclass.respond_to?(:warden_class)
+          superclass.warden_class
+        else
+          GraphQL::Schema::Warden
+        end
+      end
+
+      attr_writer :warden_class
+
       # @param type [Module] The type definition whose possible types you want to see
       # @return [Hash<String, Module>] All possible types, if no `type` is given.
       # @return [Array<Module>] Possible types for `type`, if it's given.

lib/graphql/schema/always_visible.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module GraphQL
+  class Schema
+    class AlwaysVisible
+      def self.use(schema, **opts)
+        schema.warden_class = GraphQL::Schema::Warden::NullWarden
+      end
+    end
+  end
+end

lib/graphql/schema/warden.rb

@@ -87,6 +87,32 @@ def arguments(owner, ctx); owner.arguments(ctx); end
         end
       end
 
+      class NullWarden
+        def initialize(_filter = nil, context:, schema:)
+          @schema = schema
+        end
+
+        def visible_field?(field_defn, _ctx = nil, owner = nil); true; end
+        def visible_argument?(arg_defn, _ctx = nil); true; end
+        def visible_type?(type_defn, _ctx = nil); true; end
+        def visible_enum_value?(enum_value, _ctx = nil); true; end
+        def visible_type_membership?(type_membership, _ctx = nil); true; end
+        def interface_type_memberships(obj_type, _ctx = nil); obj_type.interface_type_memberships; end
+        def get_type(type_name); @schema.get_type(type_name); end # rubocop:disable Development/ContextIsPassedCop
+        def arguments(argument_owner, ctx = nil); argument_owner.arguments(ctx).values; end
+        def enum_values(enum_defn); enum_defn.enum_values; end # rubocop:disable Development/ContextIsPassedCop
+        def get_argument(parent_type, argument_name); parent_type.get_argument(argument_name); end # rubocop:disable Development/ContextIsPassedCop
+        def types; @schema.types; end # rubocop:disable Development/ContextIsPassedCop
+        def root_type_for_operation(op_name); @schema.root_type_for_operation(op_name); end
+        def directives; @schema.directives.values; end
+        def fields(type_defn); type_defn.fields; end # rubocop:disable Development/ContextIsPassedCop
+        def get_field(parent_type, field_name); @schema.get_field(parent_type, field_name); end
+        def reachable_type?(type_name); true; end
+        def reachable_types; @schema.types.values; end # rubocop:disable Development/ContextIsPassedCop
+        def possible_types(type_defn); @schema.possible_types(type_defn); end
+        def interfaces(obj_type); obj_type.interfaces; end
+      end
+
       # @param filter [<#call(member)>] Objects are hidden when `.call(member, ctx)` returns true
       # @param context [GraphQL::Query::Context]
       # @param schema [GraphQL::Schema]

spec/graphql/execution/interpreter_spec.rb

@@ -278,6 +278,8 @@ class Schema < GraphQL::Schema
       mutation(Mutation)
       lazy_resolve(Box, :value)
 
+      use GraphQL::Schema::AlwaysVisible
+
       def self.object_from_id(id, ctx)
         OpenStruct.new(id: id)
       end

spec/graphql/schema/always_visible_spec.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+require "spec_helper"
+
+describe GraphQL::Schema::AlwaysVisible do
+  class AlwaysVisibleSchema < GraphQL::Schema
+    class Query < GraphQL::Schema::Object
+      def self.visible?(ctx)
+        ctx[:visible_was_called] = true
+        false
+      end
+
+      field :one, Integer
+      def one; 1; end
+    end
+    query(Query)
+    use GraphQL::Schema::AlwaysVisible
+  end
+
+  class NotAlwaysVisibleSchema < GraphQL::Schema
+    query(AlwaysVisibleSchema::Query)
+  end
+
+  it "Doesn't call visibility methods" do
+    res = NotAlwaysVisibleSchema.execute("{ one }")
+    assert res.context[:visible_was_called]
+    assert_equal ["Schema is not configured for queries"], res["errors"].map { |err| err["message"] }
+
+    res = AlwaysVisibleSchema.execute("{ one }")
+    refute res.context[:visible_was_called]
+    assert_equal 1, res["data"]["one"]
+  end
+end

spec/graphql/schema/warden_spec.rb

@@ -950,4 +950,15 @@ def self.visible?(member, context)
       end
     end
   end
+
+  describe "NullWarden" do
+    it "implements all Warden methods" do
+      warden_methods = GraphQL::Schema::Warden.instance_methods - Object.methods
+      warden_methods.each do |method_name|
+        warden_params =  GraphQL::Schema::Warden.instance_method(method_name).parameters
+        assert GraphQL::Schema::Warden::NullWarden.method_defined?(method_name), "Null warden also responds to #{method_name} (#{warden_params})"
+        assert_equal warden_params, GraphQL::Schema::Warden::NullWarden.instance_method(method_name).parameters,"#{method_name} has the same parameters"
+      end
+    end
+  end
 end