Version Information

Server Version: 2.11.1

Environment

OSS

What is the current behaviour?

If the non-root field of a remote schema has an argument, setting remote schema permission for that field does not include the argument. This has the effect that roles other than admin role won't be able to use that argument.

What is the expected behaviour?

Setting permission on a field must include any arguments that field contains similar to how arguments for root fields are handled.

How to reproduce the issue?

1. Connect a remote schema to Hasura that has the following GraphQL schema:

type Book {
  title: String
  author: String
  category: Category
}

type Author {
  name: String
  books(category: Category): [Book]
}

enum Category { science, fiction }

type Query {
  authors: [Author]
}

2. Add a permission to that remote schema as shown in the image below:

3. Execute the following GraphQL query for the admin role -

{
  authors {
    books(category: fiction) {
      title
    }
  }
}

4. Execute the same GraphQL query for the user role and observer the error -

{
  "errors": [
    {
      "extensions": {
        "code": "validation-failed",
        "path": "$.selectionSet.authors.selectionSet.books"
      },
      "message": "'books' has no argument named 'category'"
    }
  ]
}

Any possible solutions?

The issue happens because console does not send the proper schema to the backend. Therefore, the permissions for remote schema in the metadata will have the following GraphQL type -

type Author {
  books: [Book]
  name: String
}

when it should have been -

type Author {
  books(category: Category): [Book]
  name: String
}

Sending the proper schema to the backend would fix the problem.

Keywords

remote schema permission