graphql-engine
graphql-engine copied to clipboard
hasura
Root in select permissions changes when the table/view is used in query conditions
Version Information
Server Version: 2.2.0 to 2.11.2 CLI Version (for CLI related issue):
Environment
What is the current behaviour?
Created a select permission in deal table, the $(root) is treated as deal when we query from deal table.
{"offer":{"modified":{"_clt":["$","published"]}}}
However, if I try to use deal in query condition from another table, the root becomes where it's queried from
query merchant {
merchant(where: {_and:{offers: { deal: {} }}}) {
id
}
the error is saying "message": "column merchant.published does not exist",
What is the expected behaviour?
$(root) should always be treated as the current deal.
How to reproduce the issue?
- Create 3 tables - merchant, offer, deal they are 1-many(merchant - many offer, offer - many deals)
- Create permission on deal which will compare a value on offer with a value on deal
e.g
{"offer":{"modified":{"_clt":["$","published"]}}} - Make a query from merchant
query merchant {
merchant(where: {_and:{offers: { deal: {} }}}) {
id
}
Screenshots or Screencast
Please provide any traces or logs that could help here.
{
"errors": [
{
"extensions": {
"code": "unexpected",
"internal": {
"arguments": [
"(Oid 114,Just (\"{\\\"x-hasura-role\\\":\\\"anonymous\\\",\\\"x-hasura-user-id\\\":\\\"******\\\"}\",Binary))"
],
"error": {
"description": null,
"exec_status": "FatalError",
"hint": null,
"message": "column merchant.published does not exist",
"status_code": "42703"
},
"prepared": true,
"statement": "SELECT coalesce(json_agg(\"root\" ), '[]' ) AS \"root\" FROM (SELECT row_to_json((SELECT \"_e\" FROM (SELECT \"_root.base\".\"id\" AS \"id\", \"_root.base\".\"name\" AS \"name\", \"_root.base\".\"logo_url\" AS \"logoUrl\", \"_root.ar.root.offers\".\"offers\" AS \"offers\" ) AS \"_e\" ) ) AS \"root\" FROM (SELECT * FROM \"public\".\"merchant\" WHERE ((EXISTS (SELECT 1 FROM \"public\".\"offer\" WHERE ((EXISTS (SELECT 1 FROM \"public\".\"deal_view\" WHERE ((((\"public\".\"deal_view\".\"id\") IS NOT NULL) AND ('true')) AND ('true')) )) AND ('true')) )) AND (EXISTS (SELECT 1 FROM \"public\".\"offer\" AS \"__be_0_offer\" WHERE ((((\"__be_0_offer\".\"merchant_id\") = (\"public\".\"merchant\".\"id\")) AND ('true')) AND (((EXISTS (SELECT 1 FROM \"public\".\"deal_view\" WHERE ('true') )) AND ('true')) AND (((((EXISTS (SELECT 1 FROM \"public\".\"deal_view\" AS \"__be_1_deal_view\" WHERE ((((\"__be_1_deal_view\".\"offer_id\") = (\"__be_0_offer\".\"id\")) AND ('true')) AND ((((((((\"__be_1_deal_view\".\"archived\") = (('false')::boolean)) OR (((\"__be_1_deal_view\".\"archived\") IS NULL) AND ((('false')::boolean) IS NULL))) AND ('true')) AND ('true')) AND ((((((\"__be_1_deal_view\".\"hidden\") = (('false')::boolean)) OR (((\"__be_1_deal_view\".\"hidden\") IS NULL) AND ((('false')::boolean) IS NULL))) AND ('true')) AND ('true')) AND (((EXISTS (SELECT 1 FROM \"public\".\"offer\" AS \"__be_2_offer\" WHERE ((((\"__be_2_offer\".\"id\") = (\"__be_1_deal_view\".\"offer_id\")) AND ('true')) AND ((((\"__be_2_offer\".\"modified\") < (\"public\".\"merchant\".\"published\")) AND ('true')) AND ('true'))) )) AND ('true')) AND (((((\"__be_1_deal_view\".\"scheduled_from\") < (('now()')::timestamptz)) AND ('true')) AND ('true')) AND (((((((\"__be_1_deal_view\".\"budget\") IS NULL) AND ('true')) AND ('true')) OR (((EXISTS (SELECT 1 FROM \"public\".\"deal_redeemed_value\" AS \"__be_3_deal_redeemed_value\" WHERE ((((\"__be_3_deal_redeemed_value\".\"coop_id\") = (\"__be_1_deal_view\".\"id\")) AND ('true')) AND ((((\"__be_3_deal_redeemed_value\".\"sum\") < (\"public\".\"merchant\".\"budget\")) AND ('true')) AND ('true'))) )) AND ('true')) OR ('false'))) AND ('true')) AND ('true')))))) AND ('true')) AND (('true') AND ('true')))) )) AND ('true')) AND ('true')) AND ('true')) AND ('true')))) ))) ) AS \"_root.base\" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg(\"offers\" ), '[]' ) AS \"offers\" FROM (SELECT row_to_json((SELECT \"_e\" FROM (SELECT \"_root.ar.root.offers.ar.offers.deal_view\".\"deal_view\" AS \"deal_view\" ) AS \"_e\" ) ) AS \"offers\" FROM (SELECT * FROM \"public\".\"offer\" WHERE (((\"_root.base\".\"id\") = (\"merchant_id\")) AND (EXISTS (SELECT 1 FROM \"public\".\"deal_view\" WHERE ('true') ))) ) AS \"_root.ar.root.offers.base\" LEFT OUTER JOIN LATERAL (SELECT coalesce(json_agg(\"deal_view\" ), '[]' ) AS \"deal_view\" FROM (SELECT row_to_json((SELECT \"_e\" FROM (SELECT \"_root.ar.root.offers.ar.offers.deal_view.base\".\"id\" AS \"id\", \"_root.ar.root.offers.ar.offers.deal_view.base\".\"published\" AS \"published\" ) AS \"_e\" ) ) AS \"deal_view\" FROM (SELECT * FROM \"public\".\"deal_view\" WHERE (((\"_root.ar.root.offers.base\".\"id\") = (\"offer_id\")) AND ((((\"public\".\"deal_view\".\"archived\") = (('false')::boolean)) OR (((\"public\".\"deal_view\".\"archived\") IS NULL) AND ((('false')::boolean) IS NULL))) AND ((((\"public\".\"deal_view\".\"hidden\") = (('false')::boolean)) OR (((\"public\".\"deal_view\".\"hidden\") IS NULL) AND ((('false')::boolean) IS NULL))) AND ((EXISTS (SELECT 1 FROM \"public\".\"offer\" AS \"__be_0_offer\" WHERE ((((\"__be_0_offer\".\"id\") = (\"public\".\"deal_view\".\"offer_id\")) AND ('true')) AND ((((\"__be_0_offer\".\"modified\") < (\"public\".\"deal_view\".\"published\")) AND ('true')) AND ('true'))) )) AND (((\"public\".\"deal_view\".\"scheduled_from\") < (('now()')::timestamptz)) AND (((\"public\".\"deal_view\".\"budget\") IS NULL) OR (EXISTS (SELECT 1 FROM \"public\".\"deal_redeemed_value\" AS \"__be_1_deal_redeemed_value\" WHERE ((((\"__be_1_deal_redeemed_value\".\"coop_id\") = (\"public\".\"deal_view\".\"id\")) AND ('true')) AND ((((\"__be_1_deal_redeemed_value\".\"sum\") < (\"public\".\"deal_view\".\"budget\")) AND ('true')) AND ('true'))) )))))))) ) AS \"_root.ar.root.offers.ar.offers.deal_view.base\" ) AS \"_root.ar.root.offers.ar.offers.deal_view\" ) AS \"_root.ar.root.offers.ar.offers.deal_view\" ON ('true') ) AS \"_root.ar.root.offers\" ) AS \"_root.ar.root.offers\" ON ('true') ) AS \"_root\" "
},
"path": "$"
},
"message": "database query error"
}
]
}
