-
-
Notifications
You must be signed in to change notification settings - Fork 104
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #477 from supabase/or/function_return_row_must_be_…
…selectable If a Function returns a table type, the table must be selectable
- Loading branch information
Showing
3 changed files
with
221 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,128 @@ | ||
| begin; | ||
| create table account( | ||
| id serial primary key, | ||
| email varchar(255) not null | ||
| ); | ||
| create function returns_account() | ||
| returns account language sql stable | ||
| as $$ select id, email from account; $$; | ||
| insert into account(email) | ||
| values | ||
| ('[email protected]'); | ||
| create role anon; | ||
| grant usage on schema graphql to anon; | ||
| grant select on account to anon; | ||
| savepoint a; | ||
| set local role anon; | ||
| -- Should be visible | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| { | ||
| __type(name: "Account") { | ||
| __typename | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
| jsonb_pretty | ||
| ------------------------------------- | ||
| { + | ||
| "data": { + | ||
| "__type": { + | ||
| "__typename": "Account"+ | ||
| } + | ||
| } + | ||
| } | ||
| (1 row) | ||
|
|
||
| -- Should show an entrypoint on Query for returnAccount | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| query IntrospectionQuery { | ||
| __schema { | ||
| queryType { | ||
| fields { | ||
| name | ||
| } | ||
| } | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
| jsonb_pretty | ||
| ----------------------------------------------------- | ||
| { + | ||
| "data": { + | ||
| "__schema": { + | ||
| "queryType": { + | ||
| "fields": [ + | ||
| { + | ||
| "name": "accountCollection"+ | ||
| }, + | ||
| { + | ||
| "name": "node" + | ||
| }, + | ||
| { + | ||
| "name": "returnsAccount" + | ||
| } + | ||
| ] + | ||
| } + | ||
| } + | ||
| } + | ||
| } | ||
| (1 row) | ||
|
|
||
| rollback to a; | ||
| revoke select on account from anon; | ||
| set local role anon; | ||
| -- We should no longer see "Account" types after revoking access | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| { | ||
| __type(name: "Account") { | ||
| __typename | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
| jsonb_pretty | ||
| ------------------------ | ||
| { + | ||
| "data": { + | ||
| "__type": null+ | ||
| } + | ||
| } | ||
| (1 row) | ||
|
|
||
| -- We should no longer see returnAccount since it references an unknown return type "Account" | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| query IntrospectionQuery { | ||
| __schema { | ||
| queryType { | ||
| fields { | ||
| name | ||
| } | ||
| } | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
| jsonb_pretty | ||
| ---------------------------------------- | ||
| { + | ||
| "data": { + | ||
| "__schema": { + | ||
| "queryType": { + | ||
| "fields": [ + | ||
| { + | ||
| "name": "node"+ | ||
| } + | ||
| ] + | ||
| } + | ||
| } + | ||
| } + | ||
| } | ||
| (1 row) | ||
|
|
||
| rollback; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| begin; | ||
|
|
||
| create table account( | ||
| id serial primary key, | ||
| email varchar(255) not null | ||
| ); | ||
|
|
||
| create function returns_account() | ||
| returns account language sql stable | ||
| as $$ select id, email from account; $$; | ||
|
|
||
| insert into account(email) | ||
| values | ||
| ('[email protected]'); | ||
|
|
||
|
|
||
| create role anon; | ||
| grant usage on schema graphql to anon; | ||
| grant select on account to anon; | ||
|
|
||
| savepoint a; | ||
|
|
||
| set local role anon; | ||
|
|
||
| -- Should be visible | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| { | ||
| __type(name: "Account") { | ||
| __typename | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
|
|
||
| -- Should show an entrypoint on Query for returnAccount | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| query IntrospectionQuery { | ||
| __schema { | ||
| queryType { | ||
| fields { | ||
| name | ||
| } | ||
| } | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
|
|
||
| rollback to a; | ||
|
|
||
| revoke select on account from anon; | ||
| set local role anon; | ||
|
|
||
| -- We should no longer see "Account" types after revoking access | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| { | ||
| __type(name: "Account") { | ||
| __typename | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
|
|
||
| -- We should no longer see returnAccount since it references an unknown return type "Account" | ||
| select jsonb_pretty( | ||
| graphql.resolve($$ | ||
| query IntrospectionQuery { | ||
| __schema { | ||
| queryType { | ||
| fields { | ||
| name | ||
| } | ||
| } | ||
| } | ||
| } | ||
| $$) | ||
| ); | ||
|
|
||
| rollback; |