这是indexloc提供的服务,不要输入任何密码
Skip to content

do not account permission limit to aggregate queries (fix #1837) #2027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Apr 26, 2019
Merged

do not account permission limit to aggregate queries (fix #1837) #2027

merged 11 commits into from
Apr 26, 2019

Conversation

@rakeshkky
Copy link
Member

@rakeshkky rakeshkky commented Apr 18, 2019
edited
Loading

Description

Don't consider permission limit for querying aggregate fields. Only apply permission limit for selection fields.

Affected components

  • Server
  • Tests

Related Issues

fix #1837

Solution and Design

Apply permission limit only for nodes field of aggregate queries. Generated SQL uses UNNEST feature of Postgres to select nodes with permission limit.
SQL:-

SELECT
  json_build_object(
    'aggregate',
    json_build_object(
      'count',
      COUNT(*),
      'max',
      json_build_object('album_id', max("album_id"))
    ),
    'nodes',
    (
      SELECT
        coalesce(
          json_agg(
            "_11_sub_query"."nodes"
            ORDER BY
              "ob_col_1" ASC NULLS LAST,
              "ob_col_2" DESC NULLS FIRST
          ),
          '[]'
        )
      FROM
        (
          SELECT
            "_10_unnest_table"."nodes" AS "nodes",
            "_10_unnest_table"."ob_col_1" AS "ob_col_1",
            "_10_unnest_table"."ob_col_2" AS "ob_col_2"
          FROM
            UNNEST(
              array_agg("nodes"),
              array_agg("root.pg.album_id"),
              array_agg("root.ar.aggregate.order_by.count")
            ) AS "_10_unnest_table"("nodes", "ob_col_1", "ob_col_2")
          ORDER BY
              "ob_col_1" ASC NULLS LAST,
              "ob_col_2" DESC NULLS FIRST
          LIMIT
            10  -- permission limit
        ) AS "_11_sub_query"
    )
  ) AS "root"
FROM
--------------
--------------

Steps to test and verify

  • Define select permission on any table with a limit
  • Query aggregations with count and nodes
  • Permission limit should reflect in nodes selection but not aggregate count.

@rakeshkky rakeshkky requested a review from 0x777 as a code owner April 18, 2019 07:28
@netlify
Copy link

netlify bot commented Apr 18, 2019
edited
Loading

Deploy preview for hasura-docs ready!

Built with commit ce5aca8

https://deploy-preview-2027--hasura-docs.netlify.com

@hasura-bot
Copy link
Contributor

hasura-bot commented Apr 18, 2019

Review app for commit e999322 deployed to Heroku: https://hge-ci-pull-2027.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2027-e999322

@hasura-bot
Copy link
Contributor

hasura-bot commented Apr 18, 2019

Review app for commit f363d10 deployed to Heroku: https://hge-ci-pull-2027.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2027-f363d10

@dsandip dsandip added this to the release-candidates milestone Apr 22, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Apr 22, 2019

Review app for commit 422a41f deployed to Heroku: https://hge-ci-pull-2027.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2027-422a41f

@0x777
Copy link
Member

0x777 commented Apr 22, 2019
edited
Loading

@rakeshkky The order by expression used in json_agg must also be applied when limiting the results.

          SELECT
            "_10_unnest_table"."nodes" AS "nodes",
            "_10_unnest_table"."ob_col_1" AS "ob_col_1",
            "_10_unnest_table"."ob_col_2" AS "ob_col_2"
          FROM
            UNNEST(
              array_agg("nodes"),
              array_agg("root.pg.album_id"),
              array_agg("root.ar.aggregate.order_by.count")
            ) AS "_10_unnest_table"("nodes", "ob_col_1", "ob_col_2")
          ORDER BY
            "ob_col_1" ASC NULLS LAST,
            "ob_col_2" DESC NULLS FIRST
          LIMIT
            10  -- permission limit

@hasura-bot
Copy link
Contributor

hasura-bot commented Apr 24, 2019

Review app for commit fec521f deployed to Heroku: https://hge-ci-pull-2027.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2027-fec521f

@hasura-bot
Copy link
Contributor

hasura-bot commented Apr 25, 2019

Review app for commit 104a437 deployed to Heroku: https://hge-ci-pull-2027.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2027-104a437

@hasura-bot
Copy link
Contributor

hasura-bot commented Apr 25, 2019

Review app for commit ce5aca8 deployed to Heroku: https://hge-ci-pull-2027.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2027-ce5aca8

@0x777 0x777 merged commit 7779198 into hasura:master Apr 26, 2019
@hasura-bot
Copy link
Contributor

hasura-bot commented Apr 26, 2019

Review app https://hge-ci-pull-2027.herokuapp.com is deleted

@rakeshkky rakeshkky mentioned this pull request Jul 30, 2019
Merged
polRk pushed a commit to polRk/graphql-engine that referenced this pull request Feb 12, 2020
@rakeshkky @polRk
do not enforce permission limit in aggregations (fix hasura#1837) (ha…
833f5f4 
…sura#2027)
hasura-bot pushed a commit that referenced this pull request Jul 7, 2025
@danieljharvey @hasura-bot
Update changelog for v2025.07.07 (#2027)
84b564c 
<!-- The PR description should answer 2 important questions: -->

### What

Update changelog.

V3_GIT_ORIGIN_REV_ID: 1b23a835ef4015310d280ba3473233be3f23a930
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0x777 0x777 Awaiting requested review from 0x777

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

release-candidates

Development

Successfully merging this pull request may close these issues.

Select permissions limit inteferes with our aggregate field count value

4 participants

@rakeshkky @hasura-bot @0x777 @dsandip