graphql-shield icon indicating copy to clipboard operation
graphql-shield copied to clipboard

Published 20 hours ago • verified publisher icon maticzav

Support for an override, preflight, super rule

Open jure opened this issue 5 years ago • 3 comments

Feature request

Is your feature request related to a problem? Please describe

I have a large number of queries and mutations that the users can do in the application. I have a fallbackRule specified, in this specific case or(isAdmin, isEditor). The fallbackRule is only applied when no other rule exists which means I have to add an or(isAdmin, isEditor) to every rule I write. I would like to instead specify a rule that applies before all other rules instead, i.e. a preflight, override or super rule, which would apply to all queries, mutations or types.

Describe the solution you'd like

I'd like to specify a rule that runs before all other rules, i.e. a override: isAdmin rule.

Describe alternatives you've considered

  1. Specifying or(isAdmin, isEditor) for each written rule
  2. Modifying the permission object before it's passed to shield() to automatically apply the or(isAdmin, isEditor) rule to each key in the permission object. Seems a bit clunky.

I'd be happy to provide a MR if the feature is deemed useful!

jure avatar Sep 21 '20 20:09 jure

Hey @jure :wave:,

Thank you for opening an issue. We will get back to you as soon as we can. Also, check out our Open Collective and consider contributing financially.

https://opencollective.com/graphql-shield

PS.: We offer priority support for all financial contributors. Don't forget to add priority label once you start contributing :smile:

open-collective-bot[bot] avatar Sep 21 '20 20:09 open-collective-bot[bot]

In the mean time, I've solved it by modifying the permission object using loops going two levels down (recursion works but is not needed):

const addOverrideRule = permissions => {
  const adaptedPermissions = {}
  Object.keys(permissions).forEach(key1 => {
    const value = permissions[key1]
    if (value.constructor.name !== 'Object') {
      adaptedPermissions[key1] = or(fallbackRule, value)
    } else {
      adaptedPermissions[key1] = value
      Object.keys(value).forEach(key2 => {
        adaptedPermissions[key1][key2] = or(fallbackRule, value[key2])
      })
    }
  })
  return adaptedPermissions
}

jure avatar Sep 24 '20 07:09 jure

Hey 👋 ,

Thank you for being so patient with my response. I had a very similar idea. What I thought would be cool was if we extended and, or, and the like, so that they would accept objects and let you "subcompose" rules.

I think there might be a thread about it in one of the issues. I am not sure I have the resources and energy to do it by myself right now but would love to merge a PR or pair code over the weekend.

maticzav avatar Sep 29 '20 15:09 maticzav