Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

generate mutation returning types only if permissions are defined (fix #340) #341

Merged
merged 2 commits into from
Sep 3, 2018
Merged

generate mutation returning types only if permissions are defined (fix #340) #341

merged 2 commits into from
Sep 3, 2018

Conversation

rakeshkky
Copy link
Member

No description provided.

@rakeshkky rakeshkky added s/ok-to-merge Status: This pull request can be merged to master c/server Related to server e/quickfix can be wrapped up in few hours labels Aug 31, 2018
@rakeshkky rakeshkky self-assigned this Aug 31, 2018
@rakeshkky rakeshkky requested a review from 0x777 August 31, 2018 15:06
@hasura-bot
Copy link
Contributor

Review app available at: https://hge-ci-pull-341.herokuapp.com

0x777
0x777 reviewed Sep 2, 2018
View reviewed changes
server/src-lib/Hasura/GraphQL/Schema.hs Outdated
@@ -319,10 +319,13 @@ type table_mutation_response {
-}
mkMutRespObj
:: QualifiedTable
-> Maybe () -- sel perm
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use a Bool

@shahidhk shahidhk changed the title do not generate returning type in mutation response if select permission is not defined (fix #340) generate mutation returning types only if permissions are define (fix #340) Sep 3, 2018
@shahidhk shahidhk changed the title generate mutation returning types only if permissions are define (fix #340) generate mutation returning types only if permissions are defined (fix #340) Sep 3, 2018
@hasura-bot
Copy link
Contributor

Review app available at: https://hge-ci-pull-341.herokuapp.com

@0x777 0x777 merged commit 10edb43 into hasura:master Sep 3, 2018
@hasura-bot
Copy link
Contributor

Review app https://hge-ci-pull-341.herokuapp.com is deleted

karthikvt26 pushed a commit to karthikvt26/graphql-engine that referenced this pull request Sep 5, 2018
@rakeshkky @karthikvt26
'reload_metadata' query type (#1)
f8169cb 
* add a query to reload schema cache (metadata), close hasura#292

* minor code refactor

* simpler root level select fields using primary keys (fix hasura#304) (hasura#306)

* select fields by primary key col values as argument values, fix hasura#304

* change field name 'table_by_pkey' to 'table_by_pk'

* add links to share and help (hasura#303)

* add req_user_id as alias to x-hasura-user-id (fix hasura#317) (hasura#320)

* fix insert fails for non-admin roles on v1/query  (fix hasura#327) (hasura#328)

* fix insert fails for non-admin roles on v1/query, fix hasura#327

* add test case for user role upsert usint constraint name

* mutation return type and query type are same (close hasura#315) (hasura#324)

* add support for jwt authorization (close hasura#186) (hasura#255)

The API:
1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON.

2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}`
`type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io).
`key`:
  i. Incase of symmetric key, the key as it is.
  ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate.

3. The claims in the JWT token must contain the following:
  i. `x-hasura-default-role` field: default role of that user
  ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header.

4. The claims in the JWT token,  can have other `x-hasura-*` fields where their values can only be strings.

5. The JWT tokens are sent as `Authorization: Bearer <token>` headers.

---
To test:
1. Generate a shared secret (for HMAC-SHA256) or RSA key pair.
2. Goto https://jwt.io/ , add the keys
3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions.
4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}`
5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header.

---
TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61

* compare only major and minor versions for cli-server (fix hasura#331) (hasura#332)

* Revert "add links to share and help (hasura#303)" (hasura#334)

This reverts commit 798efdd.

* update tests to use access key (close hasura#113) (hasura#296)

Closes hasura#113

* generate a returning field in a mutation only when the select permission is defined (fix hasura#340) (hasura#341)

* allow selectively updating columns on a conflict during insert (fix hasura#342)

* fix primary key changing on upsert, fix hasura#342

* add 'update_columns' in 'on_conflict' object, consider 'allowUpsert'

* 'ConflictCtx' type should respect upsert cases

* validation for not null fields in an object

* console: fix error notification non json, auto height css (hasura#354)
hasura-bot pushed a commit that referenced this pull request Mar 15, 2024
@purugupta99 @hasura-bot
add support for async span with parent context (#341)
a86d2d0 
V3_GIT_ORIGIN_REV_ID: f24ff08407a4f00787dfb76a72f9de072b5a02a2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0x777 0x777 0x777 approved these changes

Assignees

@rakeshkky rakeshkky

Labels
c/server Related to server e/quickfix can be wrapped up in few hours s/ok-to-merge Status: This pull request can be merged to master
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rakeshkky @hasura-bot @0x777