From 3cd28fb819275a95c6e4c4a3da8c0311b2a98ad2 Mon Sep 17 00:00:00 2001 From: rakeshkky Date: Thu, 1 Nov 2018 17:36:41 +0530 Subject: [PATCH 1/3] evaluate required headers from relational bool expression, fix #960 --- .../Hasura/RQL/DDL/Permission/Internal.hs | 4 +- .../artist_select_query_Track.yaml | 19 +++++ .../artist_select_query_Track_fail.yaml | 18 +++++ .../graphql_query/permissions/setup.yaml | 76 +++++++++++++++++++ .../queries/v1/metadata/export_metadata.yaml | 26 +++---- server/tests-py/test_graphql_queries.py | 6 ++ 6 files changed, 133 insertions(+), 16 deletions(-) create mode 100644 server/tests-py/queries/graphql_query/permissions/artist_select_query_Track.yaml create mode 100644 server/tests-py/queries/graphql_query/permissions/artist_select_query_Track_fail.yaml diff --git a/server/src-lib/Hasura/RQL/DDL/Permission/Internal.hs b/server/src-lib/Hasura/RQL/DDL/Permission/Internal.hs index 09d7a3d2f5405..b089847e897e8 100644 --- a/server/src-lib/Hasura/RQL/DDL/Permission/Internal.hs +++ b/server/src-lib/Hasura/RQL/DDL/Permission/Internal.hs @@ -201,9 +201,7 @@ getDependentHeaders boolExp = case boolExp of | otherwise -> [] _ -> [] parseObject o = flip concatMap (M.toList o) $ \(k, v) -> - if isRQLOp k - then parseOnlyString v - else [] + bool (parseValue v) (parseOnlyString v) $ isRQLOp k valueParser :: (MonadError QErr m) => PGColType -> Value -> m S.SQLExp valueParser columnType = \case diff --git a/server/tests-py/queries/graphql_query/permissions/artist_select_query_Track.yaml b/server/tests-py/queries/graphql_query/permissions/artist_select_query_Track.yaml new file mode 100644 index 0000000000000..3e71b86909903 --- /dev/null +++ b/server/tests-py/queries/graphql_query/permissions/artist_select_query_Track.yaml 
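Review bot: The new `bool (parseValue v) (parseOnlyString v) $ isRQLOp k` line in `parseObject` is easy to misread, because `bool` takes its False branch first, so the recursion into `parseValue` is the non-operator case even though it is written first. This walk decides which session-variable headers a permission depends on, so the branch order should be explicit: either keep the `if isRQLOp k then parseOnlyString v else parseValue v` form, or add a comment such as `-- non-operator key: nested column or relationship object, recurse to collect its session variables`. `parseValue` and the head of `getDependentHeaders` are defined outside this hunk, so how the recursion treats non-object values cannot be confirmed from here.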
@@ -0,0 +1,19 @@
+description: Artist can only select his/her tracks.
+url: /v1alpha1/graphql
+status: 200
+headers:
+ X-Hasura-Role: Artist
+ X-Hasura-Artist-Id: '2'
+response:
+ data:
+ Track:
+ - id: 3
+ name: Happy
+query:
+ query: |
+ query {
+ Track {
+ id
+ name
+ }
+ }
diff --git a/server/tests-py/queries/graphql_query/permissions/artist_select_query_Track_fail.yaml b/server/tests-py/queries/graphql_query/permissions/artist_select_query_Track_fail.yaml
new file mode 100644
index 0000000000000..96cc8d688c12b
--- /dev/null
+++ b/server/tests-py/queries/graphql_query/permissions/artist_select_query_Track_fail.yaml
@@ -0,0 +1,18 @@
+description: Artist can only select his/her tracks. Without sending header (Error)
+url: /v1alpha1/graphql
+status: 400
+headers:
+ X-Hasura-Role: Artist
+response:
+ errors:
+ - path: "$"
+ error: '"x-hasura-artist-id" header is expected but not found'
+ code: not-found
+query:
+ query: |
+ query {
+ Track {
+ id
+ name
+ }
+ }
diff --git a/server/tests-py/queries/graphql_query/permissions/setup.yaml b/server/tests-py/queries/graphql_query/permissions/setup.yaml
index 6d72cbde6b10a..5f73031f6836d 100644
--- a/server/tests-py/queries/graphql_query/permissions/setup.yaml
+++ b/server/tests-py/queries/graphql_query/permissions/setup.yaml
@@ -168,3 +168,79 @@ args:
 content: Sample article content 4
 author_id: 3
 is_published: false
+
+#Create Artist table
+- type: run_sql
+ args:
+ sql: |
+ CREATE TABLE "Artist" (
+ id serial PRIMARY KEY ,
+ name text NOT NULL
+ );
+
+- type: track_table
+ args:
+ schema: public
+ name: Artist
+
+#Crete Track table
+- type: run_sql
+ args:
+ sql: |
+ CREATE TABLE "Track" (
+ id serial PRIMARY KEY,
+ name text NOT NULL,
+ artist_id integer REFERENCES "Artist"("id")
+ );
+
+- type: track_table
+ args:
+ schema: public
+ name: Track
+
+# Insert data into Artist and Track table
+- type: insert
+ args:
+ table: Artist
+ objects:
+ - name: Camilla
+ id: 1
+ - name: DSP
+ id: 2
+ - name: Akon
+ id: 3
+
+- type: insert
+ args:
+ table: Track
+ objects:
+ - name: Keepup
+ artist_id: 1
+ id: 1
+ - name: Keepdown
+ artist_id: 1
+ id: 2
+ - name: Happy
+ artist_id: 2
+ id: 3
+
+#Object relationship Track::artist_id -> Artist::id
+- type: create_object_relationship
+ args:
+ name: Artist
+ table: Track
+ using:
+ foreign_key_constraint_on: artist_id
+
+#Create select permssion on Track
+- type: create_select_permission
+ args:
+ table: Track
+ role: Artist
+ permission:
+ columns: '*'
+ filter:
+ Artist:
+ id: X-Hasura-Artist-Id
+
+
diff --git a/server/tests-py/queries/v1/metadata/export_metadata.yaml b/server/tests-py/queries/v1/metadata/export_metadata.yaml
index ad81cbfbe4d42..44125473ce35f 100644
--- a/server/tests-py/queries/v1/metadata/export_metadata.yaml
+++ b/server/tests-py/queries/v1/metadata/export_metadata.yaml
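Review bot: The new `create_select_permission` fixture exercises only one filter shape, a single relationship hop with implicit equality (`Artist:` / `id: X-Hasura-Artist-Id`), so the two added tests pin the missing-header error for that shape alone. A second permission that places the session variable under an explicit operator inside the relationship (for example `id: {_eq: X-Hasura-Artist-Id}`), with its own missing-header case modelled on `artist_select_query_Track_fail.yaml`, would show the header is still reported as required there. Separately, the rows are inserted with explicit `id` values into `serial` columns, which presumably leaves the sequences unadvanced, so a later insert without an id could collide with these rows.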
@@ -1,35 +1,35 @@ -description: Reload schema cache (metadata) +description: Export schema cache (metadata) url: /v1/query status: 200 response: - query_templates: [] tables: - table: author + object_relationships: [] array_relationships: - - name: articles - using: + - using: foreign_key_constraint_on: column: author_id table: article + name: articles comment: List all articles of the author - select_permissions: [] - object_relationships: [] - event_triggers: [] insert_permissions: [] + select_permissions: [] update_permissions: [] delete_permissions: [] + event_triggers: [] - table: article object_relationships: - - name: author - using: + - using: foreign_key_constraint_on: author_id - comment: null - select_permissions: [] - event_triggers: [] + name: author + comment: + array_relationships: [] insert_permissions: [] + select_permissions: [] update_permissions: [] delete_permissions: [] - array_relationships: [] + event_triggers: [] + query_templates: [] query: type: export_metadata diff --git a/server/tests-py/test_graphql_queries.py b/server/tests-py/test_graphql_queries.py index 011e20552ad30..df9dba2be8739 100644 --- a/server/tests-py/test_graphql_queries.py +++ b/server/tests-py/test_graphql_queries.py @@ -182,6 +182,12 @@ def test_anonymous_only_published_articles(self, hge_ctx): def test_user_cannot_access_remarks_col(self, hge_ctx): check_query_f(hge_ctx, self.dir() + '/user_cannot_access_remarks_col.yaml') + def test_artist_select_query_Track_fail(self, hge_ctx): + check_query_f(hge_ctx, self.dir() + '/artist_select_query_Track_fail.yaml') + + def test_artist_select_query_Track(self, hge_ctx): + check_query_f(hge_ctx, self.dir() + '/artist_select_query_Track.yaml') + @classmethod def dir(cls): return 'queries/graphql_query/permissions' From f9f8bbd862d15af51ccf4a017cc8dba1aa84368a Mon Sep 17 00:00:00 2001 
From: rakeshkky Date: Thu, 1 Nov 2018 17:58:29 +0530 Subject: [PATCH 2/3] fix tests --- .../queries/graphql_query/permissions/teardown.yaml | 10 ++++++++++ .../tests-py/queries/v1/metadata/export_metadata.yaml | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/server/tests-py/queries/graphql_query/permissions/teardown.yaml b/server/tests-py/queries/graphql_query/permissions/teardown.yaml index 2b72c359b5a5b..e47aac9c474d8 100644 --- a/server/tests-py/queries/graphql_query/permissions/teardown.yaml +++ b/server/tests-py/queries/graphql_query/permissions/teardown.yaml @@ -12,3 +12,13 @@ args: sql: | drop table author cascade: true + +- type: run_sql + args: + sql: | + drop table "Artist" + +- type: run_sql + args: + sql: | + drop table "Track" diff --git a/server/tests-py/queries/v1/metadata/export_metadata.yaml b/server/tests-py/queries/v1/metadata/export_metadata.yaml index 44125473ce35f..b545f2ff18baf 100644 --- a/server/tests-py/queries/v1/metadata/export_metadata.yaml +++ b/server/tests-py/queries/v1/metadata/export_metadata.yaml @@ -22,7 +22,7 @@ response: - using: foreign_key_constraint_on: author_id name: author - comment: + comment: null array_relationships: [] insert_permissions: [] select_permissions: [] From cdab546ff46a5da35ef55765cc65ea58139c766e Mon Sep 17 00:00:00 2001 From: rakeshkky Date: Fri, 2 Nov 2018 14:32:08 +0530 Subject: [PATCH 3/3] fix tests failing --- .../queries/graphql_query/permissions/teardown.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/server/tests-py/queries/graphql_query/permissions/teardown.yaml b/server/tests-py/queries/graphql_query/permissions/teardown.yaml index e47aac9c474d8..0aee5a116a12c 100644 --- a/server/tests-py/queries/graphql_query/permissions/teardown.yaml +++ b/server/tests-py/queries/graphql_query/permissions/teardown.yaml 
@@ -16,9 +16,11 @@ args: - type: run_sql args: sql: | - drop table "Artist" + drop table "Track" + cascade: true - type: run_sql args: sql: | - drop table "Track" + drop table "Artist" + cascade: true