graphql icon indicating copy to clipboard operation
graphql copied to clipboard

Published 20 hours ago verified publisher icon neo4j

Relationship types are not being escaped using backticks

Open darrellwarde opened this issue 2 years ago • 5 comments

Hey @tbwiss I think I just figured it out I did this

 type PipingCon @exclude(operations: [UPDATE, DELETE]) @node(label: "PipingConnection") {
    conn_point_id: ID!
    sourceItem: PipingTargetItem! @relationship(type: "\`PipingConnection.TargetItem\`", direction: OUT)
  }
  type PipingTargetItem @exclude(operations: [UPDATE, DELETE]) {
    lineId: ID!
    targetItem: PipingCon! @relationship(type: "\`PipingConnection.TargetItem\`", direction: IN)
  }

and it worked !

Originally posted by @TilakMaddy in https://github.com/neo4j/graphql/issues/1606#issuecomment-1161341959

darrellwarde avatar Jun 21 '22 12:06 darrellwarde

Much like we do with labels, it shouldn't be on our users to escape relationship types.

darrellwarde avatar Jun 21 '22 12:06 darrellwarde

We've been able to confirm this bug using the steps to reproduce that you provided - many thanks @darrellwarde! :pray: We will now prioritise the bug and address it appropriately.

neo4j-team-graphql avatar Jun 21 '22 12:06 neo4j-team-graphql

Recently I encountered a similar problem when defining roles in authentication. We currently define the roles as string values, but that's not really a good thing. This can lead to typos and many files have to be adjusted when renaming.

AccsoSG avatar Jun 22 '22 15:06 AccsoSG

Recently I encountered a similar problem when defining roles in authentication. We currently define the roles as string values, but that's not really a good thing. This can lead to typos and many files have to be adjusted when renaming.

Hey @AccsoSG, can you give an example (or raise a bug report) of what you mean by this? Will be helpful for us to understand and fix! 🙂

darrellwarde avatar Jun 23 '22 15:06 darrellwarde

@darrellwarde Sorry for the late reply.

For example, I declared a type with the following auth rules:

extend type FormatFamily
  @auth(
    rules: [
      { roles: ["ReadOnlyUser"], operations: [READ] }
      { roles: ["Planner"], operations: [READ, CONNECT, DISCONNECT] }
      { roles: ["PowerUser"], operations: [READ, CREATE, UPDATE, DELETE, CONNECT, DISCONNECT] }
      {
        roles: ["TechnicalAdmin"]
        operations: [READ, CREATE, UPDATE, DELETE, CONNECT, DISCONNECT]
      }
    ]
  )

In addition, I have declared many more types with the @auth directive and the same roles. The roles are passed as strings. At this point it would be easier to use an enum to avoid typos. So in the example instead of the string "Planner" an enum Role.Planner.

AccsoSG avatar Jul 05 '22 09:07 AccsoSG

This particular escaping issue is now resolved in 4.0.0.

On your issue above @AccsoSG, maybe try the new @authorization directive and defining your @jwt type with the roles field as an enum? I have a feeling that might actually work! Otherwise, feel free to raise a feature request.

darrellwarde avatar Aug 18 '23 07:08 darrellwarde