From d7d6963e09abecfacf2ca2d306c0587c73b6e4b1 Mon Sep 17 00:00:00 2001
From: Abner Tudtud <114082473+enjinabner@users.noreply.github.com>
Date: Mon, 15 Jul 2024 18:26:52 +0800
Subject: [PATCH] [PLA-1891] Hide sensitive attributes from beam APIs (#85)
---
 src/GraphQL/Queries/GetBeamsQuery.php | 3 +--
 src/GraphQL/Types/BeamType.php | 4 ++++
 tests/Feature/GraphQL/Queries/GetBeamTest.php | 2 +-
 tests/Feature/GraphQL/Queries/GetBeamsTest.php | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/GraphQL/Queries/GetBeamsQuery.php b/src/GraphQL/Queries/GetBeamsQuery.php
index 8b2725e..003aa1b 100644
--- a/src/GraphQL/Queries/GetBeamsQuery.php
+++ b/src/GraphQL/Queries/GetBeamsQuery.php
@@ -8,13 +8,12 @@
 use Enjin\Platform\Beam\Services\BeamService;
 use Enjin\Platform\GraphQL\Middleware\ResolvePage;
 use Enjin\Platform\GraphQL\Types\Pagination\ConnectionInput;
-use Enjin\Platform\Interfaces\PlatformPublicGraphQlOperation;
 use GraphQL\Type\Definition\ResolveInfo;
 use GraphQL\Type\Definition\Type;
 use Illuminate\Support\Arr;
 use Rebing\GraphQL\Support\Facades\GraphQL;
-class GetBeamsQuery extends Query implements PlatformPublicGraphQlOperation
+class GetBeamsQuery extends Query
 {
 use HasBeamCommonFields;
diff --git a/src/GraphQL/Types/BeamType.php b/src/GraphQL/Types/BeamType.php
index 679b90a..9a697f8 100644
--- a/src/GraphQL/Types/BeamType.php
+++ b/src/GraphQL/Types/BeamType.php
@@ -7,6 +7,7 @@
 use Enjin\Platform\Beam\GraphQL\Traits\HasBeamCommonFields;
 use Enjin\Platform\Beam\Models\Beam;
 use Enjin\Platform\Beam\Services\BeamService;
+use Enjin\Platform\GraphQL\Schemas\Traits\HasAuthorizableFields;
 use Enjin\Platform\GraphQL\Types\Pagination\ConnectionInput;
 use Enjin\Platform\Traits\HasSelectFields;
 use Illuminate\Pagination\Cursor;
@@ -17,6 +18,7 @@
 class BeamType extends Type
 {
+ use HasAuthorizableFields;
 use HasBeamCommonFields;
 use HasSelectFields;
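Review bot: Dropping `implements PlatformPublicGraphQlOperation` from `GetBeamsQuery` changes who may call the whole query, which is a wider change than the field hiding named in the subject, and nothing in the class records it. Assuming the interface is what marks an operation as callable without authentication, a class docblock such as `/** Not a public operation: callers must be authenticated. */` would keep the interface from being re-added by accident. The test hunks in this patch only assert the `code` field error, so a test that an unauthenticated `GetBeams` request is rejected would pin the new access level. The class body continues outside the hunk.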
@@ -45,6 +47,7 @@ public function fields(): array
 'code' => [
 'type' => GraphQL::type('String!'),
 'description' => __('enjin-platform-beam::mutation.claim_beam.args.code'),
+ 'excludeFrom' => ['GetBeam', 'GetBeams'],
 ],
 ...$this->getCommonFields(),
 'collection' => [
@@ -89,6 +92,7 @@ public function fields(): array
 },
 'selectable' => false,
 'is_relation' => false,
+ 'excludeFrom' => ['GetBeam', 'GetBeams'],
 ],
 'probabilities' => [
 'type' => GraphQL::type('Object'),
diff --git a/tests/Feature/GraphQL/Queries/GetBeamTest.php b/tests/Feature/GraphQL/Queries/GetBeamTest.php
index 31a045f..608388e 100644
--- a/tests/Feature/GraphQL/Queries/GetBeamTest.php
+++ b/tests/Feature/GraphQL/Queries/GetBeamTest.php
@@ -179,7 +179,7 @@ public function test_it_hides_code_field_when_unauthenticated()
 ]);
 $response = $this->graphql($this->method, ['code' => $this->beam->code], true);
- $this->assertEquals('Cannot query field "code" on type "BeamClaim".', $response['error']);
+ $this->assertEquals('Cannot query field "code" on type "Beam".', $response['error']);
 config([
 'enjin-platform.auth' => null,
diff --git a/tests/Feature/GraphQL/Queries/GetBeamsTest.php b/tests/Feature/GraphQL/Queries/GetBeamsTest.php
index 50fe2c4..74a3264 100644
--- a/tests/Feature/GraphQL/Queries/GetBeamsTest.php
+++ b/tests/Feature/GraphQL/Queries/GetBeamsTest.php
@@ -96,7 +96,7 @@ public function test_it_hides_code_field_when_unauthenticated()
 ]);
 $response = $this->graphql($this->method, [], true);
- $this->assertEquals('Cannot query field "code" on type "BeamClaim".', $response['error']);
+ $this->assertEquals('Cannot query field "code" on type "Beam".', $response['error']);
 config([
 'enjin-platform.auth' => null,
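Review bot: The `'excludeFrom' => ['GetBeam', 'GetBeams']` entry added to the `code` field is a deny-list keyed by operation name, so any other operation that returns the `Beam` type would still expose the claim code unless it is also listed. The same literal list is repeated on the second field in the `@@ -89,6 +92,7 @@` hunk (its name is outside that hunk), so the two copies can drift apart. I would hold the list in one class constant, for example `private const HIDDEN_FROM = ['GetBeam', 'GetBeams'];`, and put a comment above each use such as `// Claim secret: hidden from read queries; list every new Beam-returning query here.` to record why the field is sensitive. How `HasAuthorizableFields` interprets the key is not visible in this patch, so confirm whether it hides the field for every caller of those operations or only for unauthenticated ones. `fields()` starts and ends outside the hunk.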
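Review bot: The updated assertion in `test_it_hides_code_field_when_unauthenticated` covers only the `code` field, while the `BeamType` change in this patch marks two fields with `excludeFrom`; the second one has no assertion in either test file. Here and in the identical hunk in `GetBeamsTest.php` I would add a matching request and assertion for that field. Since the exclusion appears to be keyed by operation name, a companion case for an authenticated caller would document whether `code` is meant to be hidden from them as well. Comparing the whole library-generated message with `assertEquals` also ties the test to the GraphQL library's wording; `assertStringContainsString('"code" on type "Beam"', $response['error'])` would be less brittle. Both test methods continue outside their hunks.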