Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Foreign keys on non-null columns should produce nullable GraphQL relationships due to RLS #409

Open
bryanmylee opened this issue Aug 23, 2023 · 4 comments
Open

Foreign keys on non-null columns should produce nullable GraphQL relationships due to RLS #409

bryanmylee opened this issue Aug 23, 2023 · 4 comments
Assignees
@imor
Labels
bug Something isn't working

Comments

@bryanmylee
Copy link
Contributor

In version 1.2.3, a bugfix was introduced to make relationships non-nullable if the foreign key column is non-nullable.

However due to RLS, it is possible that a non-nullable foreign key column produces a relationship that returns null.

My team recently faced this as we're building an access-control system that limits which entities a user can access. e.g. a user might have access to an entity with a non-nullable foreign key field subsystemId, but the administrator may disable view access to that specific subsystem. When performing the query:

fragment X on Component {
  subsystemId
  subsystem {
    id
    name
  }
}

...the user will receive subsystemId: "a5ff110a-4d69-4ea5-af83-d02086e9215f", but RLS prevents them from viewing the data on Subsystem:a5ff110a-4d69-4ea5-af83-d02086e9215f, resulting in the response:

{
  // -- snip --
  "subsystemId": "a5ff110a-4d69-4ea5-af83-d02086e9215f",
  "subsystem": null
}

Expected behavior
All GraphQL relationships should default to nullable, or a configuration setting should be provided to opt-in to nullable relationships by default.
@bryanmylee bryanmylee added the triage-required Pending triage from maintainers label Aug 23, 2023
@bryanmylee
Copy link
Contributor Author

Just verified that this indeed is the current behavior.

@bryanmylee bryanmylee reopened this Aug 23, 2023
@bryanmylee bryanmylee mentioned this issue Aug 23, 2023
Closed
@olirice olirice added bug Something isn't working and removed triage-required Pending triage from maintainers labels Aug 23, 2023
@olirice
Copy link
Contributor

olirice commented Aug 23, 2023

great point

we'll have to make it nullable when RLS is enabled

@bryanmylee
Copy link
Contributor Author

Thanks so much for all the great work you've done on pg_graphql!

@olirice
Copy link
Contributor

olirice commented Oct 18, 2023

Expanding the scope on this to:

  • Default all fkey linked relations to to nullable when RLS is enabled
  • add a comment directive @graphql({"nullable": <bool>}) on columns and foreign keys (including comment directive foreign keys) to allow overriding the default

@olirice olirice assigned imor and unassigned olirice Oct 18, 2023
@olirice olirice mentioned this issue Oct 24, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@imor imor

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@imor @olirice @bryanmylee