Skip to content

Commit 0b37be0

Browse files
carloseberhardtcarloseberhardt
authored
fix(field-access-report): reference policy default in denial reason for root fields without explicit rule (#114)
* fix(field-access-report): reference policy default in denial reason for root fields without explicit rule\n\n- Denied root fields now reference the policy default and its condition in the reason string when no explicit rule is found.\n- Fixes test failure for introspection control policies.\n- Ensures compliance with expected report output and improves clarity for denied access cases. * added modified missing files
1 parent 4c8c173 commit 0b37be0

File tree

7 files changed

+1190
-2836
lines changed

7 files changed

+1190
-2836
lines changed

src/services/fieldAccessReport.ts

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -174,8 +174,12 @@ export async function generateFieldAccessReportData(
174174
} else {
175175
// No rule found, deny by default
176176
access = "denied";
177-
condition = "false";
178-
reason = `No rule found for field ${field.name} in policy for root type ${typeName}: denied by default`;
177+
condition = policy && policy.policyDefault ? policy.policyDefault.condition : "false";
178+
if (policy && policy.policyDefault) {
179+
reason = `Policy default: denied (condition: ${policy.policyDefault.condition})`;
180+
} else {
181+
reason = `No rule found for field ${field.name} in policy for root type ${typeName}: denied by default`;
182+
}
179183
}
180184
}
181185
}

0 commit comments

Comments
 (0)