2021-11-26 16:47:12 +03:00
|
|
|
{-# LANGUAGE ApplicativeDo #-}
|
2022-03-16 03:39:21 +03:00
|
|
|
{-# LANGUAGE TemplateHaskell #-}
|
2021-11-26 16:47:12 +03:00
|
|
|
|
|
|
|
-- | This module provides common building blocks for composing Schema Parsers
|
|
|
|
-- used in the schema of Update Mutations.
|
|
|
|
module Hasura.GraphQL.Schema.Update
|
|
|
|
( UpdateOperator (..),
|
|
|
|
updateOperator,
|
|
|
|
buildUpdateOperators,
|
|
|
|
presetColumns,
|
|
|
|
setOp,
|
|
|
|
incOp,
|
|
|
|
updateTable,
|
|
|
|
updateTableByPk,
|
2022-07-18 18:15:34 +03:00
|
|
|
mkUpdateObject,
|
2021-11-26 16:47:12 +03:00
|
|
|
)
|
|
|
|
where
|
|
|
|
|
2022-07-19 09:55:42 +03:00
|
|
|
import Data.Has (Has (getter))
|
2021-11-26 16:47:12 +03:00
|
|
|
import Data.HashMap.Strict qualified as M
|
|
|
|
import Data.HashMap.Strict.Extended qualified as M
|
|
|
|
import Data.List.NonEmpty qualified as NE
|
2022-08-17 15:46:36 +03:00
|
|
|
import Data.Text.Casing (GQLNameIdentifier, fromAutogeneratedName)
|
|
|
|
import Data.Text.Extended (toTxt, (<>>))
|
An `ErrorMessage` type, to encapsulate.
This introduces an `ErrorMessage` newtype which wraps `Text` in a manner which is designed to be easy to construct, and difficult to deconstruct.
It provides functionality similar to `Data.Text.Extended`, but designed _only_ for error messages. Error messages are constructed through `fromString`, concatenation, or the `toErrorValue` function, which is designed to be overridden for all meaningful domain types that might show up in an error message. Notably, there are not and should never be instances of `ToErrorValue` for `String`, `Text`, `Int`, etc. This is so that we correctly represent the value in a way that is specific to its type. For example, all `Name` values (from the _graphql-parser-hs_ library) are single-quoted now; no exceptions.
I have mostly had to add `instance ToErrorValue` for various backend types (and also add newtypes where necessary). Some of these are not strictly necessary for this changeset, as I had bigger aspirations when I started. These aspirations have been tempered by trying and failing twice.
As such, in this changeset, I have started by introducing this type to the `parseError` and `parseErrorWith` functions. In the future, I would like to extend this to the `QErr` record and the various `throwError` functions, but this is a much larger task and should probably be done in stages.
For now, `toErrorMessage` and `fromErrorMessage` are provided for conversion to and from `Text`, but the intent is to stop exporting these once all error messages are converted to the new type.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5018
GitOrigin-RevId: 84b37e238992e4312255a87ca44f41af65e2d89a
2022-07-18 23:26:01 +03:00
|
|
|
import Hasura.Base.ToErrorValue
|
2022-06-30 18:22:19 +03:00
|
|
|
import Hasura.GraphQL.Schema.Backend (BackendSchema (..), BackendTableSelectSchema (..), MonadBuildSchema, columnParser)
|
2022-08-22 18:57:46 +03:00
|
|
|
import Hasura.GraphQL.Schema.BoolExp (AggregationPredicatesSchema, boolExp)
|
2022-09-06 19:48:04 +03:00
|
|
|
import Hasura.GraphQL.Schema.Common
|
2021-11-26 16:47:12 +03:00
|
|
|
import Hasura.GraphQL.Schema.Mutation (mutationSelectionSet, primaryKeysArguments)
|
2022-07-12 17:00:15 +03:00
|
|
|
import Hasura.GraphQL.Schema.NamingCase
|
server: Metadata origin for definitions (type parameter version v2)
The code that builds the GraphQL schema, and `buildGQLContext` in particular, is partial: not every value of `(ServerConfigCtx, GraphQLQueryType, SourceCache, HashMap RemoteSchemaName (RemoteSchemaCtx, MetadataObject), ActionCache, AnnotatedCustomTypes)` results in a valid GraphQL schema. When it fails, we want to be able to return better error messages than we currently do.
The key thing that is missing is a way to trace back GraphQL type information to their origin from the Hasura metadata. Currently, we have a number of correctness checks of our GraphQL schema. But these correctness checks only have access to pure GraphQL type information, and hence can only report errors in terms of that. Possibly the worst is the "conflicting definitions" error, which, in practice, can only be debugged by Hasura engineers. This is terrible DX for customers.
This PR allows us to print better error messages, by adding a field to the `Definition` type that traces the GraphQL type to its origin in the metadata. So the idea is simple: just add `MetadataObjId`, or `Maybe` that, or some other sum type of that, to `Definition`.
However, we want to avoid having to import a `Hasura.RQL` module from `Hasura.GraphQL.Parser`. So we instead define this additional field of `Definition` through a new type parameter, which is threaded through in `Hasura.GraphQL.Parser`. We then define type synonyms in `Hasura.GraphQL.Schema.Parser` that fill in this type parameter, so that it is not visible for the majority of the codebase.
The idea of associating metadata information to `Definition`s really comes to fruition when combined with hasura/graphql-engine-mono#4517. Their combination would allow us to use the API of fatal errors (just like the current `MonadError QErr`) to report _inconsistencies_ in the metadata. Such inconsistencies are then _automatically_ ignored. So no ad-hoc decisions need to be made on how to cut out inconsistent metadata from the GraphQL schema. This will allow us to report much better errors, as well as improve the likelihood of a successful HGE startup.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4770
Co-authored-by: Samir Talwar <47582+SamirTalwar@users.noreply.github.com>
GitOrigin-RevId: 728402b0cae83ae8e83463a826ceeb609001acae
2022-06-28 18:52:26 +03:00
|
|
|
import Hasura.GraphQL.Schema.Parser qualified as P
|
2022-08-17 15:46:36 +03:00
|
|
|
import Hasura.GraphQL.Schema.Table (getTableIdentifierName, tableColumns, tableUpdateColumns)
|
2022-07-12 17:00:15 +03:00
|
|
|
import Hasura.GraphQL.Schema.Typename
|
2021-11-26 16:47:12 +03:00
|
|
|
import Hasura.Prelude
|
|
|
|
import Hasura.RQL.IR.BoolExp (AnnBoolExp, annBoolExpTrue)
|
|
|
|
import Hasura.RQL.IR.Returning (MutationOutputG (..))
|
2021-12-07 16:12:02 +03:00
|
|
|
import Hasura.RQL.IR.Root (RemoteRelationshipField)
|
2021-11-26 16:47:12 +03:00
|
|
|
import Hasura.RQL.IR.Update (AnnotatedUpdateG (..))
|
2022-05-31 01:07:02 +03:00
|
|
|
import Hasura.RQL.IR.Value
|
2021-11-26 16:47:12 +03:00
|
|
|
import Hasura.RQL.Types.Backend (Backend (..))
|
|
|
|
import Hasura.RQL.Types.Column (ColumnInfo (..), isNumCol)
|
2022-09-06 17:18:30 +03:00
|
|
|
import Hasura.RQL.Types.Metadata.Object
|
Remove circular dependency in schema building code
### Description
The main goal of this PR is, as stated, to remove the circular dependency in the schema building code. This cycle arises from the existence of remote relationships: when we build the schema for a source A, a remote relationship might force us to jump to the schema of a source B, or some remote schema. As a result, we end up having to do a dispatch from a "leaf" of the schema, similar to the one done at the root. In turn, this forces us to carry along in the schema a lot of information required for that dispatch, AND it forces us to import the instances in scope, creating an import loop.
As discussed in #4489, this PR implements the "dependency injection" solution: we pass to the schema a function to call to do the dispatch, and to get a generated field for a remote relationship. That way, this function can be chosen at the root level, and the leaves need not be aware of the overall context.
This PR grew a bit bigger than that, however; in an attempt to try and remove the `SourceCache` from the schema altogether, it changed a lot of functions across the schema building code, to thread along the `SourceInfo b` of the source being built. This avoids having to do cache lookups within a given source. A few cases remain, such as relay, that we might try to tackle in a subsequent PR.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4557
GitOrigin-RevId: 9388e48372877520a72a9fd1677005df9f7b2d72
2022-05-27 20:21:22 +03:00
|
|
|
import Hasura.RQL.Types.Source
|
2022-08-17 15:46:36 +03:00
|
|
|
import Hasura.RQL.Types.SourceCustomization (applyFieldNameCaseIdentifier, applyTypeNameCaseIdentifier, mkTableOperatorInputTypeName, mkTablePkColumnsInputTypeName)
|
Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.
Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.
We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e463199b1934d8645bd6cd37eddb64ae1 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
forall b r m n.
MonadBuildSchema b r m n =>
SourceName ->
TableInfo b ->
SelPermInfo b ->
m (Parser 'Output n (AnnotatedFields b))
```
There are three reasons to change this.
1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.
Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.
One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.
So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 11:16:20 +03:00
|
|
|
import Hasura.RQL.Types.Table
|
2022-09-06 17:18:30 +03:00
|
|
|
import Hasura.SQL.AnyBackend qualified as AB
|
2021-11-26 16:47:12 +03:00
|
|
|
import Language.GraphQL.Draft.Syntax (Description (..), Name (..), Nullability (..), litName)
|
|
|
|
|
2021-12-29 06:51:01 +03:00
|
|
|
-- | @UpdateOperator b m n op@ represents one single update operator for a
|
|
|
|
-- backend @b@.
|
2021-11-26 16:47:12 +03:00
|
|
|
--
|
2021-12-29 06:51:01 +03:00
|
|
|
-- The type variable @op@ is the backend-specific data type that represents
|
|
|
|
-- update operators, typically in the form of a sum-type with an
|
|
|
|
-- @UnpreparedValue b@ in each constructor.
|
|
|
|
--
|
|
|
|
-- The @UpdateOperator b m n@ is a @Functor@. There exist building blocks of
|
|
|
|
-- common update operators (such as 'setOp', etc.) which have @op ~
|
|
|
|
-- UnpreparedValue b@. The Functor instance lets you wrap the generic update
|
|
|
|
-- operators in backend-specific tags.
|
2022-09-06 19:48:04 +03:00
|
|
|
data UpdateOperator b r m n op = UpdateOperator
|
2021-11-26 16:47:12 +03:00
|
|
|
{ updateOperatorApplicableColumn :: ColumnInfo b -> Bool,
|
|
|
|
updateOperatorParser ::
|
2022-08-17 15:46:36 +03:00
|
|
|
GQLNameIdentifier ->
|
2021-11-26 16:47:12 +03:00
|
|
|
TableName b ->
|
|
|
|
NonEmpty (ColumnInfo b) ->
|
2022-09-06 19:48:04 +03:00
|
|
|
SchemaT r m (P.InputFieldsParser n (HashMap (Column b) op))
|
2021-11-26 16:47:12 +03:00
|
|
|
}
|
|
|
|
deriving (Functor)
|
|
|
|
|
|
|
|
-- | The top-level component for building update operators parsers.
|
|
|
|
--
|
2021-12-29 06:51:01 +03:00
|
|
|
-- * It implements the @preset@ functionality from Update Permissions (see
|
2021-11-26 16:47:12 +03:00
|
|
|
-- <https://hasura.io/docs/latest/graphql/core/auth/authorization/permission-rules.html#column-presets
|
2021-12-29 06:51:01 +03:00
|
|
|
-- Permissions user docs>). Use the 'presetColumns' function to extract those from the update permissions.
|
2021-11-26 16:47:12 +03:00
|
|
|
-- * It validates that that the update fields parsed are sound when taken as a
|
|
|
|
-- whole, i.e. that some changes are actually specified (either in the
|
|
|
|
-- mutation query text or in update preset columns) and that each column is
|
|
|
|
-- only used in one operator.
|
|
|
|
buildUpdateOperators ::
|
2022-03-10 15:12:36 +03:00
|
|
|
forall b r m n op.
|
|
|
|
MonadBuildSchema b r m n =>
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | Columns with @preset@ expressions
|
2021-12-29 06:51:01 +03:00
|
|
|
(HashMap (Column b) op) ->
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | Update operators to include in the Schema
|
2022-09-06 19:48:04 +03:00
|
|
|
[UpdateOperator b r m n op] ->
|
2021-11-26 16:47:12 +03:00
|
|
|
TableInfo b ->
|
2022-09-06 19:48:04 +03:00
|
|
|
SchemaT r m (P.InputFieldsParser n (HashMap (Column b) op))
|
Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.
Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.
We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e463199b1934d8645bd6cd37eddb64ae1 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
forall b r m n.
MonadBuildSchema b r m n =>
SourceName ->
TableInfo b ->
SelPermInfo b ->
m (Parser 'Output n (AnnotatedFields b))
```
There are three reasons to change this.
1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.
Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.
One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.
So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 11:16:20 +03:00
|
|
|
buildUpdateOperators presetCols ops tableInfo = do
|
2021-12-29 06:51:01 +03:00
|
|
|
parsers :: P.InputFieldsParser n [HashMap (Column b) op] <-
|
Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.
Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.
We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e463199b1934d8645bd6cd37eddb64ae1 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
forall b r m n.
MonadBuildSchema b r m n =>
SourceName ->
TableInfo b ->
SelPermInfo b ->
m (Parser 'Output n (AnnotatedFields b))
```
There are three reasons to change this.
1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.
Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.
One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.
So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 11:16:20 +03:00
|
|
|
sequenceA . catMaybes <$> traverse (runUpdateOperator tableInfo) ops
|
2021-11-26 16:47:12 +03:00
|
|
|
pure $
|
|
|
|
parsers
|
|
|
|
`P.bindFields` ( \opExps -> do
|
|
|
|
let withPreset = presetCols : opExps
|
|
|
|
mergeDisjoint @b withPreset
|
|
|
|
)
|
|
|
|
|
|
|
|
-- | The columns that have 'preset' definitions applied to them. (see
|
|
|
|
-- <https://hasura.io/docs/latest/graphql/core/auth/authorization/permission-rules.html#column-presets
|
|
|
|
-- Permissions user docs>)
|
2022-05-31 01:07:02 +03:00
|
|
|
presetColumns :: UpdPermInfo b -> HashMap (Column b) (UnpreparedValue b)
|
2021-11-26 16:47:12 +03:00
|
|
|
presetColumns = fmap partialSQLExpToUnpreparedValue . upiSet
|
|
|
|
|
|
|
|
-- | Produce an InputFieldsParser from an UpdateOperator, but only if the operator
|
|
|
|
-- applies to the table (i.e., it admits a non-empty column set).
|
|
|
|
runUpdateOperator ::
|
2022-03-10 15:12:36 +03:00
|
|
|
forall b r m n op.
|
|
|
|
MonadBuildSchema b r m n =>
|
2021-11-26 16:47:12 +03:00
|
|
|
TableInfo b ->
|
2022-09-06 19:48:04 +03:00
|
|
|
UpdateOperator b r m n op ->
|
|
|
|
SchemaT
|
|
|
|
r
|
|
|
|
m
|
2021-11-26 16:47:12 +03:00
|
|
|
( Maybe
|
|
|
|
( P.InputFieldsParser
|
|
|
|
n
|
2021-12-29 06:51:01 +03:00
|
|
|
(HashMap (Column b) op)
|
2021-11-26 16:47:12 +03:00
|
|
|
)
|
|
|
|
)
|
Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.
Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.
We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e463199b1934d8645bd6cd37eddb64ae1 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
forall b r m n.
MonadBuildSchema b r m n =>
SourceName ->
TableInfo b ->
SelPermInfo b ->
m (Parser 'Output n (AnnotatedFields b))
```
There are three reasons to change this.
1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.
Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.
One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.
So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 11:16:20 +03:00
|
|
|
runUpdateOperator tableInfo UpdateOperator {..} = do
|
2021-11-26 16:47:12 +03:00
|
|
|
let tableName = tableInfoName tableInfo
|
2022-08-17 15:46:36 +03:00
|
|
|
tableGQLName <- getTableIdentifierName tableInfo
|
Move RoleName into SchemaContext.
### Description
I am not 100% sure about this PR; while I think the code is better this way, I'm willing to be convinced otherwise.
In short, this PR moves the `RoleName` field into the `SchemaContext`, instead of being a nebulous `Has RoleName` constraint on the reader monad. The major upside of this is that it makes it an explicit named field, rather than something that must be given as part of a tuple of arguments when calling `runReader`.
However, the downside is that it breaks the helper permissions functions of `Schema.Table`, which relied on `Has RoleName r`. This PR makes the choice of passing the role name explicitly to all of those functions, which in turn means first explicitly fetching the role name in a lot of places. It makes it more explicit when a schema building block relies on the role name, but is a bit verbose...
### Alternatives
Some alternatives worth considering:
- attempting something like `Has context r, Has RoleName context`, which would allow them to be independent from the context but still fetch the role name from the reader, but might require type annotations to not be ambiguous
- keeping the permission functions the same, with `Has RoleName r`, and introducing a bunch of newtypes instead of using tuples to explicitly implement all the required `Has` instances
- changing the permission functions to `Has SchemaContext r`, since they are functions used only to build the schema, and therefore may be allowed to be tied to the context.
What do y'all think?
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5073
GitOrigin-RevId: 8fd09fafb54905a4d115ef30842d35da0c3db5d2
2022-07-29 18:37:09 +03:00
|
|
|
roleName <- retrieve scRole
|
|
|
|
let columns = tableUpdateColumns roleName tableInfo
|
2021-11-26 16:47:12 +03:00
|
|
|
|
|
|
|
let applicableCols :: Maybe (NonEmpty (ColumnInfo b)) =
|
|
|
|
nonEmpty . filter updateOperatorApplicableColumn $ columns
|
|
|
|
|
2022-09-06 19:48:04 +03:00
|
|
|
(sequenceA :: Maybe (SchemaT r m a) -> SchemaT r m (Maybe a))
|
2021-11-26 16:47:12 +03:00
|
|
|
(applicableCols <&> updateOperatorParser tableGQLName tableName)
|
|
|
|
|
|
|
|
-- | Merge the results of parsed update operators. Throws an error if the same
|
|
|
|
-- column has been specified in multiple operators.
|
|
|
|
mergeDisjoint ::
|
|
|
|
forall b m t.
|
|
|
|
(Backend b, P.MonadParse m) =>
|
|
|
|
[HashMap (Column b) t] ->
|
|
|
|
m (HashMap (Column b) t)
|
|
|
|
mergeDisjoint parsedResults = do
|
|
|
|
let unioned = M.unionsAll parsedResults
|
|
|
|
duplicates = M.keys $ M.filter (not . null . NE.tail) unioned
|
|
|
|
|
|
|
|
unless (null duplicates) $
|
|
|
|
P.parseError
|
|
|
|
( "Column found in multiple operators: "
|
An `ErrorMessage` type, to encapsulate.
This introduces an `ErrorMessage` newtype which wraps `Text` in a manner which is designed to be easy to construct, and difficult to deconstruct.
It provides functionality similar to `Data.Text.Extended`, but designed _only_ for error messages. Error messages are constructed through `fromString`, concatenation, or the `toErrorValue` function, which is designed to be overridden for all meaningful domain types that might show up in an error message. Notably, there are not and should never be instances of `ToErrorValue` for `String`, `Text`, `Int`, etc. This is so that we correctly represent the value in a way that is specific to its type. For example, all `Name` values (from the _graphql-parser-hs_ library) are single-quoted now; no exceptions.
I have mostly had to add `instance ToErrorValue` for various backend types (and also add newtypes where necessary). Some of these are not strictly necessary for this changeset, as I had bigger aspirations when I started. These aspirations have been tempered by trying and failing twice.
As such, in this changeset, I have started by introducing this type to the `parseError` and `parseErrorWith` functions. In the future, I would like to extend this to the `QErr` record and the various `throwError` functions, but this is a much larger task and should probably be done in stages.
For now, `toErrorMessage` and `fromErrorMessage` are provided for conversion to and from `Text`, but the intent is to stop exporting these once all error messages are converted to the new type.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5018
GitOrigin-RevId: 84b37e238992e4312255a87ca44f41af65e2d89a
2022-07-18 23:26:01 +03:00
|
|
|
<> toErrorValue duplicates
|
2021-11-26 16:47:12 +03:00
|
|
|
<> "."
|
|
|
|
)
|
|
|
|
|
|
|
|
return $ M.map NE.head unioned
|
|
|
|
|
|
|
|
-- | Construct a parser for a single update operator.
|
|
|
|
--
|
|
|
|
-- @updateOperator _ "op" fp MkOp ["col1","col2"]@ gives a parser that accepts
|
|
|
|
-- objects in the shape of:
|
|
|
|
--
|
|
|
|
-- > op: {
|
|
|
|
-- > col1: "x",
|
|
|
|
-- > col2: "y"
|
|
|
|
-- > }
|
|
|
|
--
|
|
|
|
-- And (morally) parses into values:
|
|
|
|
--
|
|
|
|
-- > M.fromList [("col1", MkOp (fp "x")), ("col2", MkOp (fp "y"))]
|
|
|
|
updateOperator ::
|
|
|
|
forall n r m b a.
|
2022-09-06 19:48:04 +03:00
|
|
|
MonadBuildSchema b r m n =>
|
2022-08-17 15:46:36 +03:00
|
|
|
GQLNameIdentifier ->
|
|
|
|
GQLNameIdentifier ->
|
|
|
|
GQLNameIdentifier ->
|
2022-09-06 19:48:04 +03:00
|
|
|
(ColumnInfo b -> SchemaT r m (P.Parser 'P.Both n a)) ->
|
2021-11-26 16:47:12 +03:00
|
|
|
NonEmpty (ColumnInfo b) ->
|
|
|
|
Description ->
|
|
|
|
Description ->
|
2022-09-06 19:48:04 +03:00
|
|
|
SchemaT r m (P.InputFieldsParser n (HashMap (Column b) a))
|
2022-08-17 15:46:36 +03:00
|
|
|
updateOperator tableGQLName opName opFieldName mkParser columns opDesc objDesc = do
|
|
|
|
tCase <- asks getter
|
2021-11-26 16:47:12 +03:00
|
|
|
fieldParsers :: NonEmpty (P.InputFieldsParser n (Maybe (Column b, a))) <-
|
|
|
|
for columns \columnInfo -> do
|
2022-01-19 11:37:50 +03:00
|
|
|
let fieldName = ciName columnInfo
|
|
|
|
fieldDesc = ciDescription columnInfo
|
2021-11-26 16:47:12 +03:00
|
|
|
fieldParser <- mkParser columnInfo
|
|
|
|
pure $
|
|
|
|
P.fieldOptional fieldName fieldDesc fieldParser
|
2022-01-19 11:37:50 +03:00
|
|
|
`mapField` \value -> (ciColumn columnInfo, value)
|
2021-11-26 16:47:12 +03:00
|
|
|
|
2022-08-17 15:46:36 +03:00
|
|
|
objName <- mkTypename $ applyTypeNameCaseIdentifier tCase $ mkTableOperatorInputTypeName tableGQLName opName
|
2021-11-26 16:47:12 +03:00
|
|
|
pure $
|
|
|
|
fmap (M.fromList . (fold :: Maybe [(Column b, a)] -> [(Column b, a)])) $
|
2022-08-17 15:46:36 +03:00
|
|
|
P.fieldOptional (applyFieldNameCaseIdentifier tCase opFieldName) (Just opDesc) $
|
2021-11-26 16:47:12 +03:00
|
|
|
P.object objName (Just objDesc) $
|
|
|
|
(catMaybes . toList) <$> sequenceA fieldParsers
|
|
|
|
{-# ANN updateOperator ("HLint: ignore Use tuple-section" :: String) #-}
|
|
|
|
|
|
|
|
setOp ::
|
|
|
|
forall b n r m.
|
2022-09-06 19:48:04 +03:00
|
|
|
MonadBuildSchema b r m n =>
|
|
|
|
UpdateOperator b r m n (UnpreparedValue b)
|
2021-11-26 16:47:12 +03:00
|
|
|
setOp = UpdateOperator {..}
|
|
|
|
where
|
|
|
|
updateOperatorApplicableColumn = const True
|
|
|
|
|
|
|
|
updateOperatorParser tableGQLName tableName columns = do
|
|
|
|
let typedParser columnInfo =
|
2022-05-31 01:07:02 +03:00
|
|
|
fmap mkParameter
|
2021-11-26 16:47:12 +03:00
|
|
|
<$> columnParser
|
2022-01-19 11:37:50 +03:00
|
|
|
(ciType columnInfo)
|
|
|
|
(Nullability $ ciIsNullable columnInfo)
|
2021-11-26 16:47:12 +03:00
|
|
|
|
|
|
|
updateOperator
|
|
|
|
tableGQLName
|
2022-08-17 15:46:36 +03:00
|
|
|
(fromAutogeneratedName $$(litName "set"))
|
|
|
|
(fromAutogeneratedName $$(litName "_set"))
|
2021-11-26 16:47:12 +03:00
|
|
|
typedParser
|
|
|
|
columns
|
|
|
|
"sets the columns of the filtered rows to the given values"
|
|
|
|
(Description $ "input type for updating data in table " <>> tableName)
|
|
|
|
|
|
|
|
incOp ::
|
|
|
|
forall b m n r.
|
2022-09-06 19:48:04 +03:00
|
|
|
MonadBuildSchema b r m n =>
|
|
|
|
UpdateOperator b r m n (UnpreparedValue b)
|
2021-11-26 16:47:12 +03:00
|
|
|
incOp = UpdateOperator {..}
|
|
|
|
where
|
|
|
|
updateOperatorApplicableColumn = isNumCol
|
|
|
|
|
|
|
|
updateOperatorParser tableGQLName tableName columns = do
|
|
|
|
let typedParser columnInfo =
|
2022-05-31 01:07:02 +03:00
|
|
|
fmap mkParameter
|
2021-11-26 16:47:12 +03:00
|
|
|
<$> columnParser
|
2022-01-19 11:37:50 +03:00
|
|
|
(ciType columnInfo)
|
|
|
|
(Nullability $ ciIsNullable columnInfo)
|
2021-11-26 16:47:12 +03:00
|
|
|
|
|
|
|
updateOperator
|
|
|
|
tableGQLName
|
2022-08-17 15:46:36 +03:00
|
|
|
(fromAutogeneratedName $$(litName "inc"))
|
|
|
|
(fromAutogeneratedName $$(litName "_inc"))
|
2021-11-26 16:47:12 +03:00
|
|
|
typedParser
|
|
|
|
columns
|
|
|
|
"increments the numeric columns with given value of the filtered values"
|
|
|
|
(Description $ "input type for incrementing numeric columns in table " <>> tableName)
|
|
|
|
|
|
|
|
-- | Construct a root field, normally called update_tablename, that can be used
|
|
|
|
-- to update rows in a DB table specified by filters. Only returns a parser if
|
|
|
|
-- there are columns the user is allowed to update; otherwise returns Nothing.
|
|
|
|
updateTable ::
|
|
|
|
forall b r m n.
|
2022-06-30 18:22:19 +03:00
|
|
|
( MonadBuildSchema b r m n,
|
2022-08-22 18:57:46 +03:00
|
|
|
AggregationPredicatesSchema b,
|
2022-06-30 18:22:19 +03:00
|
|
|
BackendTableSelectSchema b
|
|
|
|
) =>
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | backend-specific data needed to perform an update mutation
|
2022-05-31 01:07:02 +03:00
|
|
|
P.InputFieldsParser n (BackendUpdate b (UnpreparedValue b)) ->
|
2022-05-31 17:41:09 +03:00
|
|
|
Scenario ->
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | table source
|
Remove circular dependency in schema building code
### Description
The main goal of this PR is, as stated, to remove the circular dependency in the schema building code. This cycle arises from the existence of remote relationships: when we build the schema for a source A, a remote relationship might force us to jump to the schema of a source B, or some remote schema. As a result, we end up having to do a dispatch from a "leaf" of the schema, similar to the one done at the root. In turn, this forces us to carry along in the schema a lot of information required for that dispatch, AND it forces us to import the instances in scope, creating an import loop.
As discussed in #4489, this PR implements the "dependency injection" solution: we pass to the schema a function to call to do the dispatch, and to get a generated field for a remote relationship. That way, this function can be chosen at the root level, and the leaves need not be aware of the overall context.
This PR grew a bit bigger than that, however; in an attempt to try and remove the `SourceCache` from the schema altogether, it changed a lot of functions across the schema building code, to thread along the `SourceInfo b` of the source being built. This avoids having to do cache lookups within a given source. A few cases remain, such as relay, that we might try to tackle in a subsequent PR.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4557
GitOrigin-RevId: 9388e48372877520a72a9fd1677005df9f7b2d72
2022-05-27 20:21:22 +03:00
|
|
|
SourceInfo b ->
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | table info
|
|
|
|
TableInfo b ->
|
|
|
|
-- | field display name
|
|
|
|
Name ->
|
|
|
|
-- | field description, if any
|
|
|
|
Maybe Description ->
|
2022-09-06 19:48:04 +03:00
|
|
|
SchemaT r m (Maybe (P.FieldParser n (AnnotatedUpdateG b (RemoteRelationshipField UnpreparedValue) (UnpreparedValue b))))
|
2022-05-31 17:41:09 +03:00
|
|
|
updateTable backendUpdate scenario sourceInfo tableInfo fieldName description = runMaybeT do
|
2022-09-06 17:18:30 +03:00
|
|
|
let columns = tableColumns tableInfo
|
2021-11-26 16:47:12 +03:00
|
|
|
whereName = $$(litName "where")
|
|
|
|
whereDesc = "filter the rows which have to be updated"
|
Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.
Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.
We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e463199b1934d8645bd6cd37eddb64ae1 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
forall b r m n.
MonadBuildSchema b r m n =>
SourceName ->
TableInfo b ->
SelPermInfo b ->
m (Parser 'Output n (AnnotatedFields b))
```
There are three reasons to change this.
1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.
Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.
One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.
So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 11:16:20 +03:00
|
|
|
viewInfo = _tciViewInfo $ _tiCoreInfo tableInfo
|
|
|
|
guard $ isMutable viIsUpdatable viewInfo
|
Move RoleName into SchemaContext.
### Description
I am not 100% sure about this PR; while I think the code is better this way, I'm willing to be convinced otherwise.
In short, this PR moves the `RoleName` field into the `SchemaContext`, instead of being a nebulous `Has RoleName` constraint on the reader monad. The major upside of this is that it makes it an explicit named field, rather than something that must be given as part of a tuple of arguments when calling `runReader`.
However, the downside is that it breaks the helper permissions functions of `Schema.Table`, which relied on `Has RoleName r`. This PR makes the choice of passing the role name explicitly to all of those functions, which in turn means first explicitly fetching the role name in a lot of places. It makes it more explicit when a schema building block relies on the role name, but is a bit verbose...
### Alternatives
Some alternatives worth considering:
- attempting something like `Has context r, Has RoleName context`, which would allow them to be independent from the context but still fetch the role name from the reader, but might require type annotations to not be ambiguous
- keeping the permission functions the same, with `Has RoleName r`, and introducing a bunch of newtypes instead of using tuples to explicitly implement all the required `Has` instances
- changing the permission functions to `Has SchemaContext r`, since they are functions used only to build the schema, and therefore may be allowed to be tied to the context.
What do y'all think?
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5073
GitOrigin-RevId: 8fd09fafb54905a4d115ef30842d35da0c3db5d2
2022-07-29 18:37:09 +03:00
|
|
|
roleName <- retrieve scRole
|
|
|
|
updatePerms <- hoistMaybe $ _permUpd $ getRolePermInfo roleName tableInfo
|
2022-05-31 17:41:09 +03:00
|
|
|
-- If we're in a frontend scenario, we should not include backend_only updates
|
|
|
|
-- For more info see Note [Backend only permissions]
|
|
|
|
guard $ not $ scenario == Frontend && upiBackendOnly updatePerms
|
Remove circular dependency in schema building code
### Description
The main goal of this PR is, as stated, to remove the circular dependency in the schema building code. This cycle arises from the existence of remote relationships: when we build the schema for a source A, a remote relationship might force us to jump to the schema of a source B, or some remote schema. As a result, we end up having to do a dispatch from a "leaf" of the schema, similar to the one done at the root. In turn, this forces us to carry along in the schema a lot of information required for that dispatch, AND it forces us to import the instances in scope, creating an import loop.
As discussed in #4489, this PR implements the "dependency injection" solution: we pass to the schema a function to call to do the dispatch, and to get a generated field for a remote relationship. That way, this function can be chosen at the root level, and the leaves need not be aware of the overall context.
This PR grew a bit bigger than that, however; in an attempt to try and remove the `SourceCache` from the schema altogether, it changed a lot of functions across the schema building code, to thread along the `SourceInfo b` of the source being built. This avoids having to do cache lookups within a given source. A few cases remain, such as relay, that we might try to tackle in a subsequent PR.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4557
GitOrigin-RevId: 9388e48372877520a72a9fd1677005df9f7b2d72
2022-05-27 20:21:22 +03:00
|
|
|
whereArg <- lift $ P.field whereName (Just whereDesc) <$> boolExp sourceInfo tableInfo
|
|
|
|
selection <- lift $ mutationSelectionSet sourceInfo tableInfo
|
2022-07-19 09:55:42 +03:00
|
|
|
tCase <- asks getter
|
2021-11-26 16:47:12 +03:00
|
|
|
let argsParser = liftA2 (,) backendUpdate whereArg
|
|
|
|
pure $
|
2022-09-06 17:18:30 +03:00
|
|
|
P.setFieldParserOrigin (MOSourceObjId sourceName (AB.mkAnyBackend $ SMOTable @b tableName)) $
|
|
|
|
P.subselection fieldName description argsParser selection
|
|
|
|
<&> mkUpdateObject tableName columns updatePerms (Just tCase) . fmap MOutMultirowFields
|
|
|
|
where
|
|
|
|
sourceName = _siName sourceInfo
|
|
|
|
tableName = tableInfoName tableInfo
|
2021-11-26 16:47:12 +03:00
|
|
|
|
|
|
|
-- | Construct a root field, normally called 'update_tablename_by_pk', that can be used
|
|
|
|
-- to update a single in a DB table, specified by primary key. Only returns a
|
|
|
|
-- parser if there are columns the user is allowed to update and if the user has
|
|
|
|
-- select permissions on all primary keys; otherwise returns Nothing.
|
|
|
|
updateTableByPk ::
|
|
|
|
forall b r m n.
|
|
|
|
MonadBuildSchema b r m n =>
|
2022-06-30 18:22:19 +03:00
|
|
|
BackendTableSelectSchema b =>
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | backend-specific data needed to perform an update mutation
|
2022-05-31 01:07:02 +03:00
|
|
|
P.InputFieldsParser n (BackendUpdate b (UnpreparedValue b)) ->
|
2022-05-31 17:41:09 +03:00
|
|
|
Scenario ->
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | table source
|
Remove circular dependency in schema building code
### Description
The main goal of this PR is, as stated, to remove the circular dependency in the schema building code. This cycle arises from the existence of remote relationships: when we build the schema for a source A, a remote relationship might force us to jump to the schema of a source B, or some remote schema. As a result, we end up having to do a dispatch from a "leaf" of the schema, similar to the one done at the root. In turn, this forces us to carry along in the schema a lot of information required for that dispatch, AND it forces us to import the instances in scope, creating an import loop.
As discussed in #4489, this PR implements the "dependency injection" solution: we pass to the schema a function to call to do the dispatch, and to get a generated field for a remote relationship. That way, this function can be chosen at the root level, and the leaves need not be aware of the overall context.
This PR grew a bit bigger than that, however; in an attempt to try and remove the `SourceCache` from the schema altogether, it changed a lot of functions across the schema building code, to thread along the `SourceInfo b` of the source being built. This avoids having to do cache lookups within a given source. A few cases remain, such as relay, that we might try to tackle in a subsequent PR.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4557
GitOrigin-RevId: 9388e48372877520a72a9fd1677005df9f7b2d72
2022-05-27 20:21:22 +03:00
|
|
|
SourceInfo b ->
|
2021-11-26 16:47:12 +03:00
|
|
|
-- | table info
|
|
|
|
TableInfo b ->
|
|
|
|
-- | field display name
|
|
|
|
Name ->
|
|
|
|
-- | field description, if any
|
|
|
|
Maybe Description ->
|
2022-09-06 19:48:04 +03:00
|
|
|
SchemaT r m (Maybe (P.FieldParser n (AnnotatedUpdateG b (RemoteRelationshipField UnpreparedValue) (UnpreparedValue b))))
|
2022-05-31 17:41:09 +03:00
|
|
|
updateTableByPk backendUpdate scenario sourceInfo tableInfo fieldName description = runMaybeT $ do
|
2021-11-26 16:47:12 +03:00
|
|
|
let columns = tableColumns tableInfo
|
Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.
Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.
We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e463199b1934d8645bd6cd37eddb64ae1 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
forall b r m n.
MonadBuildSchema b r m n =>
SourceName ->
TableInfo b ->
SelPermInfo b ->
m (Parser 'Output n (AnnotatedFields b))
```
There are three reasons to change this.
1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.
Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.
One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.
So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 11:16:20 +03:00
|
|
|
viewInfo = _tciViewInfo $ _tiCoreInfo tableInfo
|
|
|
|
guard $ isMutable viIsUpdatable viewInfo
|
Move RoleName into SchemaContext.
### Description
I am not 100% sure about this PR; while I think the code is better this way, I'm willing to be convinced otherwise.
In short, this PR moves the `RoleName` field into the `SchemaContext`, instead of being a nebulous `Has RoleName` constraint on the reader monad. The major upside of this is that it makes it an explicit named field, rather than something that must be given as part of a tuple of arguments when calling `runReader`.
However, the downside is that it breaks the helper permissions functions of `Schema.Table`, which relied on `Has RoleName r`. This PR makes the choice of passing the role name explicitly to all of those functions, which in turn means first explicitly fetching the role name in a lot of places. It makes it more explicit when a schema building block relies on the role name, but is a bit verbose...
### Alternatives
Some alternatives worth considering:
- attempting something like `Has context r, Has RoleName context`, which would allow them to be independent from the context but still fetch the role name from the reader, but might require type annotations to not be ambiguous
- keeping the permission functions the same, with `Has RoleName r`, and introducing a bunch of newtypes instead of using tuples to explicitly implement all the required `Has` instances
- changing the permission functions to `Has SchemaContext r`, since they are functions used only to build the schema, and therefore may be allowed to be tied to the context.
What do y'all think?
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5073
GitOrigin-RevId: 8fd09fafb54905a4d115ef30842d35da0c3db5d2
2022-07-29 18:37:09 +03:00
|
|
|
roleName <- retrieve scRole
|
|
|
|
updatePerms <- hoistMaybe $ _permUpd $ getRolePermInfo roleName tableInfo
|
2022-05-31 17:41:09 +03:00
|
|
|
-- If we're in a frontend scenario, we should not include backend_only updates
|
|
|
|
-- For more info see Note [Backend only permissions]
|
|
|
|
guard $ not $ scenario == Frontend && upiBackendOnly updatePerms
|
Role-invariant schema constructors
We build the GraphQL schema by combining building blocks such as `tableSelectionSet` and `columnParser`. These building blocks individually build `{InputFields,Field,}Parser` objects. Those object specify the valid GraphQL schema.
Since the GraphQL schema is role-dependent, at some point we need to know what fragment of the GraphQL schema a specific role is allowed to access, and this is stored in `{Sel,Upd,Ins,Del}PermInfo` objects.
We have passed around these permission objects as function arguments to the schema building blocks since we first started dealing with permissions during the PDV refactor - see hasura/graphql-engine@5168b99e463199b1934d8645bd6cd37eddb64ae1 in hasura/graphql-engine#4111. This means that, for instance, `tableSelectionSet` has as its type:
```haskell
tableSelectionSet ::
forall b r m n.
MonadBuildSchema b r m n =>
SourceName ->
TableInfo b ->
SelPermInfo b ->
m (Parser 'Output n (AnnotatedFields b))
```
There are three reasons to change this.
1. We often pass a `Maybe (xPermInfo b)` instead of a proper `xPermInfo b`, and it's not clear what the intended semantics of this is. Some potential improvements on the data types involved are discussed in issue hasura/graphql-engine-mono#3125.
2. In most cases we also already pass a `TableInfo b`, and together with the `MonadRole` that is usually also in scope, this means that we could look up the required permissions regardless: so passing the permissions explicitly undermines the "single source of truth" principle. Breaking this principle also makes the code more difficult to read.
3. We are working towards role-based parsers (see hasura/graphql-engine-mono#2711), where the `{InputFields,Field,}Parser` objects are constructed in a role-invariant way, so that we have a single object that can be used for all roles. In particular, this means that the schema building blocks _need_ to be constructed in a role-invariant way. While this PR doesn't accomplish that, it does reduce the amount of role-specific arguments being passed, thus fixing hasura/graphql-engine-mono#3068.
Concretely, this PR simply drops the `xPermInfo b` argument from almost all schema building blocks. Instead these objects are looked up from the `TableInfo b` as-needed. The resulting code is considerably simpler and shorter.
One way to interpret this change is as follows. Before this PR, we figured out permissions at the top-level in `Hasura.GraphQL.Schema`, passing down the obtained `xPermInfo` objects as required. After this PR, we have a bottom-up approach where the schema building blocks themselves decide whether they want to be included for a particular role.
So this moves some permission logic out of `Hasura.GraphQL.Schema`, which is very complex.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/3608
GitOrigin-RevId: 51a744f34ec7d57bc8077667ae7f9cb9c4f6c962
2022-02-17 11:16:20 +03:00
|
|
|
pkArgs <- MaybeT $ primaryKeysArguments tableInfo
|
Remove circular dependency in schema building code
### Description
The main goal of this PR is, as stated, to remove the circular dependency in the schema building code. This cycle arises from the existence of remote relationships: when we build the schema for a source A, a remote relationship might force us to jump to the schema of a source B, or some remote schema. As a result, we end up having to do a dispatch from a "leaf" of the schema, similar to the one done at the root. In turn, this forces us to carry along in the schema a lot of information required for that dispatch, AND it forces us to import the instances in scope, creating an import loop.
As discussed in #4489, this PR implements the "dependency injection" solution: we pass to the schema a function to call to do the dispatch, and to get a generated field for a remote relationship. That way, this function can be chosen at the root level, and the leaves need not be aware of the overall context.
This PR grew a bit bigger than that, however; in an attempt to try and remove the `SourceCache` from the schema altogether, it changed a lot of functions across the schema building code, to thread along the `SourceInfo b` of the source being built. This avoids having to do cache lookups within a given source. A few cases remain, such as relay, that we might try to tackle in a subsequent PR.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4557
GitOrigin-RevId: 9388e48372877520a72a9fd1677005df9f7b2d72
2022-05-27 20:21:22 +03:00
|
|
|
selection <- MaybeT $ tableSelectionSet sourceInfo tableInfo
|
2022-07-19 09:55:42 +03:00
|
|
|
tCase <- asks getter
|
2021-11-26 16:47:12 +03:00
|
|
|
lift $ do
|
2022-08-17 15:46:36 +03:00
|
|
|
tableGQLName <- getTableIdentifierName tableInfo
|
|
|
|
pkObjectName <- mkTypename $ applyTypeNameCaseIdentifier tCase $ mkTablePkColumnsInputTypeName tableGQLName
|
2021-11-26 16:47:12 +03:00
|
|
|
let pkFieldName = $$(litName "pk_columns")
|
2022-08-17 15:46:36 +03:00
|
|
|
pkObjectDesc = Description $ "primary key columns input for table: " <> toTxt tableName
|
2021-11-26 16:47:12 +03:00
|
|
|
pkParser = P.object pkObjectName (Just pkObjectDesc) pkArgs
|
|
|
|
argsParser = (,) <$> backendUpdate <*> P.field pkFieldName Nothing pkParser
|
|
|
|
pure $
|
2022-09-06 17:18:30 +03:00
|
|
|
P.setFieldParserOrigin (MOSourceObjId sourceName (AB.mkAnyBackend $ SMOTable @b tableName)) $
|
|
|
|
P.subselection fieldName description argsParser selection
|
|
|
|
<&> mkUpdateObject tableName columns updatePerms (Just tCase) . fmap MOutSinglerowObject
|
|
|
|
where
|
|
|
|
sourceName = _siName sourceInfo
|
|
|
|
tableName = tableInfoName tableInfo
|
2021-11-26 16:47:12 +03:00
|
|
|
|
|
|
|
mkUpdateObject ::
|
|
|
|
Backend b =>
|
|
|
|
TableName b ->
|
|
|
|
[ColumnInfo b] ->
|
|
|
|
UpdPermInfo b ->
|
2022-07-19 09:55:42 +03:00
|
|
|
(Maybe NamingCase) ->
|
2022-05-31 01:07:02 +03:00
|
|
|
( ( BackendUpdate b (UnpreparedValue b),
|
|
|
|
AnnBoolExp b (UnpreparedValue b)
|
2021-11-26 16:47:12 +03:00
|
|
|
),
|
2022-05-31 01:07:02 +03:00
|
|
|
MutationOutputG b (RemoteRelationshipField UnpreparedValue) (UnpreparedValue b)
|
2021-11-26 16:47:12 +03:00
|
|
|
) ->
|
2022-05-31 01:07:02 +03:00
|
|
|
AnnotatedUpdateG b (RemoteRelationshipField UnpreparedValue) (UnpreparedValue b)
|
2022-07-19 09:55:42 +03:00
|
|
|
mkUpdateObject _auTable _auAllCols updatePerms _auNamingConvention ((_auBackend, whereExp), _auOutput) =
|
2021-11-26 16:47:12 +03:00
|
|
|
AnnotatedUpdateG {..}
|
|
|
|
where
|
|
|
|
permissionFilter = fmap partialSQLExpToUnpreparedValue <$> upiFilter updatePerms
|
|
|
|
_auWhere = (permissionFilter, whereExp)
|
|
|
|
_auCheck = maybe annBoolExpTrue ((fmap . fmap) partialSQLExpToUnpreparedValue) $ upiCheck updatePerms
|