GraphQL - extend permissions checking #3442

Premwoik · 2021-12-10T08:49:53Z

This PR addresses MIM-1554 and extends the mongoose_graphql_permissions module to support fields, interfaces and to check deeper.

codecov · 2021-12-10T08:59:16Z

Codecov Report

Merging #3442 (f491972) into feature/graphql (41e9b91) will increase coverage by 0.04%.
The diff coverage is 90.90%.

@@                 Coverage Diff                 @@
##           feature/graphql    #3442      +/-   ##
===================================================
+ Coverage            80.80%   80.84%   +0.04%     
===================================================
  Files                  424      424              
  Lines                32510    32529      +19     
===================================================
+ Hits                 26269    26298      +29     
+ Misses                6241     6231      -10

Impacted Files	Coverage Δ
src/mongoose_graphql.erl	`90.47% <ø> (ø)`
.../mongoose_graphql/mongoose_graphql_permissions.erl	`89.74% <90.90%> (+4.74%)`	⬆️
src/mod_roster_riak.erl	`81.53% <0.00%> (-15.39%)`	⬇️
src/http_upload/mod_http_upload.erl	`94.62% <0.00%> (-2.16%)`	⬇️
src/mod_muc_log.erl	`78.11% <0.00%> (ø)`
src/pubsub/mod_pubsub.erl	`73.37% <0.00%> (+0.05%)`	⬆️
src/ejabberd_c2s.erl	`89.04% <0.00%> (+0.14%)`	⬆️
src/mod_muc_room.erl	`77.26% <0.00%> (+0.17%)`	⬆️
src/mod_muc_rdbms.erl	`95.93% <0.00%> (+0.81%)`	⬆️
src/mod_muc.erl	`75.67% <0.00%> (+0.90%)`	⬆️
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 22b483c...f491972. Read the comment docs.

mongoose-im · 2021-12-10T09:09:17Z

small_tests_24 / small_tests / 32fb174
Reports root / small

small_tests_23 / small_tests / 32fb174
Reports root / small

dynamic_domains_mysql_redis_24 / mysql_redis / 32fb174
Reports root/ big
OK: 2733 / Failed: 0 / User-skipped: 203 / Auto-skipped: 0

dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / 32fb174
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

dynamic_domains_pgsql_mnesia_24 / pgsql_mnesia / 32fb174
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / 32fb174
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

ldap_mnesia_23 / ldap_mnesia / 32fb174
Reports root/ big
OK: 1526 / Failed: 0 / User-skipped: 386 / Auto-skipped: 0

ldap_mnesia_24 / ldap_mnesia / 32fb174
Reports root/ big
OK: 1526 / Failed: 0 / User-skipped: 386 / Auto-skipped: 0

internal_mnesia_24 / internal_mnesia / 32fb174
Reports root/ big
OK: 1611 / Failed: 0 / User-skipped: 301 / Auto-skipped: 0

mysql_redis_24 / mysql_redis / 32fb174
Reports root/ big
OK: 3132 / Failed: 0 / User-skipped: 200 / Auto-skipped: 0

pgsql_mnesia_24 / pgsql_mnesia / 32fb174
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / 32fb174
Reports root/ big
OK: 1904 / Failed: 0 / User-skipped: 313 / Auto-skipped: 0

mssql_mnesia_24 / odbc_mssql_mnesia / 32fb174
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

pgsql_mnesia_23 / pgsql_mnesia / 32fb174
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

riak_mnesia_24 / riak_mnesia / 32fb174
Reports root/ big
OK: 1750 / Failed: 0 / User-skipped: 314 / Auto-skipped: 0

mongoose-im · 2021-12-15T11:57:38Z

small_tests_24 / small_tests / 14e2a26
Reports root / small

small_tests_23 / small_tests / 14e2a26
Reports root / small

dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / 14e2a26
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

dynamic_domains_mysql_redis_24 / mysql_redis / 14e2a26
Reports root/ big
OK: 2733 / Failed: 0 / User-skipped: 203 / Auto-skipped: 0

dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / 14e2a26
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

ldap_mnesia_23 / ldap_mnesia / 14e2a26
Reports root/ big
OK: 1526 / Failed: 0 / User-skipped: 386 / Auto-skipped: 0

ldap_mnesia_24 / ldap_mnesia / 14e2a26
Reports root/ big
OK: 1526 / Failed: 0 / User-skipped: 386 / Auto-skipped: 0

internal_mnesia_24 / internal_mnesia / 14e2a26
Reports root/ big
OK: 1611 / Failed: 0 / User-skipped: 301 / Auto-skipped: 0

elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / 14e2a26
Reports root/ big
OK: 1904 / Failed: 0 / User-skipped: 313 / Auto-skipped: 0

pgsql_mnesia_24 / pgsql_mnesia / 14e2a26
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

pgsql_mnesia_23 / pgsql_mnesia / 14e2a26
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

mssql_mnesia_24 / odbc_mssql_mnesia / 14e2a26
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

mysql_redis_24 / mysql_redis / 14e2a26
Reports root/ big
OK: 3132 / Failed: 0 / User-skipped: 200 / Auto-skipped: 0

riak_mnesia_24 / riak_mnesia / 14e2a26
Reports root/ big
OK: 1750 / Failed: 0 / User-skipped: 314 / Auto-skipped: 0

chrzaszcz

Looks good!

test/mongoose_graphql_SUITE.erl

mongoose-im · 2021-12-17T10:28:16Z

small_tests_24 / small_tests / f491972
Reports root / small

small_tests_23 / small_tests / f491972
Reports root / small

dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / f491972
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / f491972
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

dynamic_domains_pgsql_mnesia_24 / pgsql_mnesia / f491972
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

ldap_mnesia_23 / ldap_mnesia / f491972
Reports root/ big
OK: 1526 / Failed: 0 / User-skipped: 386 / Auto-skipped: 0

dynamic_domains_mysql_redis_24 / mysql_redis / f491972
Reports root/ big
OK: 2733 / Failed: 0 / User-skipped: 203 / Auto-skipped: 0

internal_mnesia_24 / internal_mnesia / f491972
Reports root/ big
OK: 1611 / Failed: 0 / User-skipped: 301 / Auto-skipped: 0

ldap_mnesia_24 / ldap_mnesia / f491972
Reports root/ big
OK: 1580 / Failed: 4 / User-skipped: 386 / Auto-skipped: 0

sm_SUITE:parallel:messages_are_properly_flushed_during_resumption

{error,
  {{badmatch,
     {error,
       {connection_step_failed,
         {#Fun<sm_SUITE.11.68776247>,
          {client,
            <<"alicE_messages_are_properly_flushed_during_resumption_1385@localhost">>,
            escalus_tcp,<0.18507.1>,undefined,
            [{username,
               <<"alicE_messages_are_properly_flushed_during_resumption_1385">>},
             {server,<<"localhost">>},
             {password,<<"matygrysa">>},
             {stream_management,true},
             {host,<<"localhost">>},
             {stream_id,<<"fc482322bbc32bea">>}]},
          [{compression,[<<"zlib">>]},
           {starttls,true},
           {stream_management,true},
           {advanced_message_processing,true},
           {client_state_indication,false},
           {sasl_mechanisms,[<<"PLAIN">>]},
           {caps,undefined}]},
         {timeout,get_resumed}}}},
   [{sm_SUITE,'-messages_are_properly_flushed_during_resumption/1-fun-1-',
      3,
      [{file,"/home/circleci/project/big_tests/tests/sm_SUITE.erl"},
       {line,1226}]},
    {escalus_story,story,4,
      [{file,
         "/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
       {line,72}]},
    {test_server,ts_tc,3,[{file,"test_server.erl"},{line,1783}]},
    {test_server,run_test_case_eval1,6,
      [{file,"test_server.erl"},{line,1292}]},
    {test_server,run_test_case_eval,9,
      [{file,"test_server.erl"},{line,1224}]}]}}

Report log

sm_SUITE:parallel:messages_are_properly_flushed_during_resumption_p1_fsm_old

{error,
  {{badmatch,
     {error,
       {connection_step_failed,
         {#Fun<sm_SUITE.11.68776247>,
          {client,
            <<"alicE_messages_are_properly_flushed_during_resumption_p1_fsm_old_1387@localhost">>,
            escalus_tcp,<0.18509.1>,undefined,
            [{username,
               <<"alicE_messages_are_properly_flushed_during_resumption_p1_fsm_old_1387">>},
             {server,<<"localhost">>},
             {password,<<"matygrysa">>},
             {stream_management,true},
             {host,<<"localhost">>},
             {stream_id,<<"418f5f56d1849940">>}]},
          [{compression,[<<"zlib">>]},
           {starttls,true},
           {stream_management,true},
           {advanced_message_processing,true},
           {client_state_indication,false},
           {sasl_mechanisms,[<<"PLAIN">>]},
           {caps,undefined}]},
         {timeout,get_resumed}}}},
   [{sm_SUITE,
      '-messages_are_properly_flushed_during_resumption_p1_fsm_old/1-fun-1-',
      3,
      [{file,"/home/circleci/project/big_tests/tests/sm_SUITE.erl"},
       {line,1270}]},
    {escalus_story,story,4,
      [{file,
         "/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
       {line,72}]},
    {test_server,ts_tc,3,[{file,"test_server.erl"},{line,1783}]},
    {test_server,run_test_case_eval1,6,
      [{file,"test_server.erl"},{line,1292}]},
    {test_server,run_test_case_eval,9,
      [{file,"test_server.erl"},{line,1224}]}]}}

Report log

sm_SUITE:parallel:messages_are_properly_flushed_during_resumption_p1_fsm_old

{error,
  {{badmatch,
     {error,
       {connection_step_failed,
         {#Fun<sm_SUITE.11.68776247>,
          {client,
            <<"alicE_messages_are_properly_flushed_during_resumption_p1_fsm_old_1430@localhost">>,
            escalus_tcp,<0.19088.1>,undefined,
            [{username,
               <<"alicE_messages_are_properly_flushed_during_resumption_p1_fsm_old_1430">>},
             {server,<<"localhost">>},
             {password,<<"matygrysa">>},
             {stream_management,true},
             {host,<<"localhost">>},
             {stream_id,<<"4f9576c602643e4d">>}]},
          [{compression,[<<"zlib">>]},
           {starttls,true},
           {stream_management,true},
           {advanced_message_processing,true},
           {client_state_indication,false},
           {sasl_mechanisms,[<<"PLAIN">>]},
           {caps,undefined}]},
         {timeout,get_resumed}}}},
   [{sm_SUITE,
      '-messages_are_properly_flushed_during_resumption_p1_fsm_old/1-fun-1-',
      3,
      [{file,"/home/circleci/project/big_tests/tests/sm_SUITE.erl"},
       {line,1270}]},
    {escalus_story,story,4,
      [{file,
         "/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
       {line,72}]},
    {test_server,ts_tc,3,[{file,"test_server.erl"},{line,1783}]},
    {test_server,run_test_case_eval1,6,
      [{file,"test_server.erl"},{line,1292}]},
    {test_server,run_test_case_eval,9,
      [{file,"test_server.erl"},{line,1224}]}]}}

Report log

sm_SUITE:parallel:messages_are_properly_flushed_during_resumption_p1_fsm_old

{error,
  {{badmatch,
     {error,
       {connection_step_failed,
         {#Fun<sm_SUITE.11.68776247>,
          {client,
            <<"alicE_messages_are_properly_flushed_during_resumption_p1_fsm_old_1474@localhost">>,
            escalus_tcp,<0.19605.1>,undefined,
            [{username,
               <<"alicE_messages_are_properly_flushed_during_resumption_p1_fsm_old_1474">>},
             {server,<<"localhost">>},
             {password,<<"matygrysa">>},
             {stream_management,true},
             {host,<<"localhost">>},
             {stream_id,<<"a1689a6ae260382e">>}]},
          [{compression,[<<"zlib">>]},
           {starttls,true},
           {stream_management,true},
           {advanced_message_processing,true},
           {client_state_indication,false},
           {sasl_mechanisms,[<<"PLAIN">>]},
           {caps,undefined}]},
         {timeout,get_resumed}}}},
   [{sm_SUITE,
      '-messages_are_properly_flushed_during_resumption_p1_fsm_old/1-fun-1-',
      3,
      [{file,"/home/circleci/project/big_tests/tests/sm_SUITE.erl"},
       {line,1270}]},
    {escalus_story,story,4,
      [{file,
         "/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
       {line,72}]},
    {test_server,ts_tc,3,[{file,"test_server.erl"},{line,1783}]},
    {test_server,run_test_case_eval1,6,
      [{file,"test_server.erl"},{line,1292}]},
    {test_server,run_test_case_eval,9,
      [{file,"test_server.erl"},{line,1224}]}]}}

Report log

pgsql_mnesia_23 / pgsql_mnesia / f491972
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / f491972
Reports root/ big
OK: 1904 / Failed: 0 / User-skipped: 313 / Auto-skipped: 0

pgsql_mnesia_24 / pgsql_mnesia / f491972
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

mysql_redis_24 / mysql_redis / f491972
Reports root/ big
OK: 3132 / Failed: 0 / User-skipped: 200 / Auto-skipped: 0

mssql_mnesia_24 / odbc_mssql_mnesia / f491972
Reports root/ big
OK: 3142 / Failed: 1 / User-skipped: 195 / Auto-skipped: 0

muc_SUITE:register:user_changes_nick

{error,
  {{assertion_failed,assert,is_iq_result,
     [{xmlel,<<"iq">>,
        [{<<"type">>,<<"set">>},
         {<<"id">>,<<"fe27104ad32912191c7e0579f33c9773">>},
         {<<"to">>,<<"muc.localhost">>}],
        [{xmlel,<<"query">>,
           [{<<"xmlns">>,<<"jabber:iq:register">>}],
           [{xmlel,<<"x">>,
            [{<<"xmlns">>,<<"jabber:x:data">>},
             {<<"type">>,<<"submit">>}],
            [{xmlel,<<"field">>,
               [{<<"type">>,<<"hidden">>},
                {<<"var">>,<<"FORM_TYPE">>}],
               [{xmlel,<<"value">>,[],
                  [{xmlcdata,<<"jabber:iq:register">>}]}]},
             {xmlel,<<"field">>,
               [{<<"type">>,<<"text-single">>},
                {<<"var">>,<<"nick">>}],
               [{xmlel,<<"value">>,[],
                  [{xmlcdata,
                     <<"thirdwitch1room-e4bc6fa49d">>}]}]}]}]}]}],
     {xmlel,<<"iq">>,
       [{<<"from">>,<<"muc.localhost">>},
        {<<"to">>,<<"alicE_user_changes_nick_1801@localhost/res1">>},
        {<<"type">>,<<"error">>},
        {<<"xml:lang">>,<<"en">>},
        {<<"id">>,<<"fe27104ad32912191c7e0579f33c9773">>}],
       [{xmlel,<<"query">>,
          [{<<"xmlns">>,<<"jabber:iq:register">>}],
          [{xmlel,<<"x">>,
             [{<<"xmlns">>,<<"jabber:x:data">>},
            {<<"type">>,<<"submit">>}],
             [{xmlel,<<"field">>,
              [{<<"type">>,<<"hidden">>},
               {<<"var">>,<<"FORM_TYPE">>}],
              [{xmlel,<<"value">>,...

Report log

riak_mnesia_24 / riak_mnesia / f491972
Reports root/ big
OK: 1750 / Failed: 0 / User-skipped: 314 / Auto-skipped: 0

small_tests_24 / small_tests / f491972
Reports root / small

small_tests_23 / small_tests / f491972
Reports root / small

dynamic_domains_pgsql_mnesia_23 / pgsql_mnesia / f491972
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

dynamic_domains_pgsql_mnesia_24 / pgsql_mnesia / f491972
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

dynamic_domains_mysql_redis_24 / mysql_redis / f491972
Reports root/ big
OK: 2733 / Failed: 0 / User-skipped: 203 / Auto-skipped: 0

dynamic_domains_mssql_mnesia_24 / odbc_mssql_mnesia / f491972
Reports root/ big
OK: 2750 / Failed: 0 / User-skipped: 186 / Auto-skipped: 0

ldap_mnesia_23 / ldap_mnesia / f491972
Reports root/ big
OK: 1526 / Failed: 0 / User-skipped: 386 / Auto-skipped: 0

ldap_mnesia_24 / ldap_mnesia / f491972
Reports root/ big
OK: 1526 / Failed: 0 / User-skipped: 386 / Auto-skipped: 0

internal_mnesia_24 / internal_mnesia / f491972
Reports root/ big
OK: 1611 / Failed: 0 / User-skipped: 301 / Auto-skipped: 0

pgsql_mnesia_23 / pgsql_mnesia / f491972
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

pgsql_mnesia_24 / pgsql_mnesia / f491972
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

mysql_redis_24 / mysql_redis / f491972
Reports root/ big
OK: 3132 / Failed: 0 / User-skipped: 200 / Auto-skipped: 0

elasticsearch_and_cassandra_24 / elasticsearch_and_cassandra_mnesia / f491972
Reports root/ big
OK: 1904 / Failed: 0 / User-skipped: 313 / Auto-skipped: 0

mssql_mnesia_24 / odbc_mssql_mnesia / f491972
Reports root/ big
OK: 3137 / Failed: 0 / User-skipped: 195 / Auto-skipped: 0

riak_mnesia_24 / riak_mnesia / f491972
Reports root/ big
OK: 1757 / Failed: 1 / User-skipped: 314 / Auto-skipped: 0

sm_SUITE:parallel_manual_ack_freq_1:resume_session_state_stop_c2s

{error,{thrown,{timeout,msg}}}

Report log

Premwoik changed the base branch from master to mim-graphql-poc December 10, 2021 08:50

This comment has been minimized.

Sign in to view

Premwoik force-pushed the graphql/extend-permissions-checking branch from 1fd84b3 to 32fb174 Compare December 10, 2021 09:00

mongoose-im mentioned this pull request Dec 10, 2021

CI build failures summary #3360

Closed

Premwoik marked this pull request as ready for review December 10, 2021 09:33

Base automatically changed from mim-graphql-poc to feature/graphql December 10, 2021 13:01

Premwoik added 2 commits December 15, 2021 10:50

Extend permissions module with fields, interfaces, and deeper check

8f7b380

Allow attaching @Protected directive to interfaces

52899da

Premwoik force-pushed the graphql/extend-permissions-checking branch from 32fb174 to 46d288d Compare December 15, 2021 09:52

This comment has been minimized.

Sign in to view

Test graphql permissions module

14e2a26

Premwoik force-pushed the graphql/extend-permissions-checking branch from 46d288d to 14e2a26 Compare December 15, 2021 11:49

Premwoik added the waiting-for-review label Dec 16, 2021

chrzaszcz approved these changes Dec 17, 2021

View reviewed changes

test/mongoose_graphql_SUITE.erl Outdated Show resolved Hide resolved

test/mongoose_graphql_SUITE.erl Outdated Show resolved Hide resolved

Apply review

f491972

chrzaszcz merged commit c218659 into feature/graphql Dec 17, 2021

chrzaszcz deleted the graphql/extend-permissions-checking branch December 17, 2021 12:26

chrzaszcz added this to the 6.0.0 milestone Dec 12, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GraphQL - extend permissions checking #3442

GraphQL - extend permissions checking #3442

Premwoik commented Dec 10, 2021

This comment has been minimized.

codecov bot commented Dec 10, 2021 •

edited

Loading

mongoose-im commented Dec 10, 2021 •

edited

Loading

This comment has been minimized.

mongoose-im commented Dec 15, 2021 •

edited

Loading

chrzaszcz left a comment

mongoose-im commented Dec 17, 2021 •

edited

Loading

GraphQL - extend permissions checking #3442

GraphQL - extend permissions checking #3442

Conversation

Premwoik commented Dec 10, 2021

This comment has been minimized.

codecov bot commented Dec 10, 2021 • edited Loading

Codecov Report

mongoose-im commented Dec 10, 2021 • edited Loading

This comment has been minimized.

mongoose-im commented Dec 15, 2021 • edited Loading

chrzaszcz left a comment

Choose a reason for hiding this comment

mongoose-im commented Dec 17, 2021 • edited Loading

codecov bot commented Dec 10, 2021 •

edited

Loading

mongoose-im commented Dec 10, 2021 •

edited

Loading

mongoose-im commented Dec 15, 2021 •

edited

Loading

mongoose-im commented Dec 17, 2021 •

edited

Loading