Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Function returning table from non search_path schema #455

Open
dvv opened this issue Nov 29, 2023 · 2 comments
Open

Function returning table from non search_path schema #455

dvv opened this issue Nov 29, 2023 · 2 comments
Assignees
@olirice
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@dvv
Copy link

dvv commented Nov 29, 2023

Describe the bug
Seems a function returning a table from another schema is not exposed.

To Reproduce
Steps to reproduce the behavior:

begin;

create schema if not exists a1; grant usage on schema a1 to public;
create table a1.foo(id int); grant select on table a1.foo to public;
create or replace function a1.the_foo() returns a1.foo stable return (select f from a1.foo f where f.id = 1);
grant execute on function a1.the_foo() to public;

create schema if not exists a2; grant usage on schema a2 to public;
create or replace function a2.get_the_foo() returns a1.foo stable as $$ select * from a1.the_foo() $$ language sql;
grant execute on function a2.get_the_foo() to public;

set local search_path to 'a1';
select graphql.resolve($${__type(name: "Query") {fields(includeDeprecated: false) {name args {name type {kind name ofType {kind name}}}}}}$$)->'data'->'__type'->'fields'->1;
-- {"args": [], "name": "the_foo"}

set local search_path to 'a2';
select graphql.resolve($${__type(name: "Query") {fields(includeDeprecated: false) {name args {name type {kind name ofType {kind name}}}}}}$$)->'data'->'__type'->'fields'->1;
-- null

rollback;

Expected behavior
I would expect fully-typed return values to be exposed based on permissions and regardless of search_path.

Versions:

  • PostgreSQL: 16.1
  • pg_graphql commit ref: ee8ef69
@dvv dvv added the triage-required Pending triage from maintainers label Nov 29, 2023
@dvv
Copy link
Author

dvv commented Nov 29, 2023

To narrow the problem.

I believe we should collect array of entities used in exposed functions (arg_types || type_oid).
Filter them by schema usage permission.
Expose them as types and may be connections (if some function returns the setof of the entity).
Do NOT expose collection/mutation for them, effectively obey search_path instruction.

That way we won't be in need to proxy each and every piece of hidden schemas to the exposed schema.

@olirice
Copy link
Contributor

olirice commented Nov 29, 2023
edited
Loading

yes, you're exactly right with the solution

One way would be to add a CTE under this to collect any tables or views referenced by functions on the search_path where the referenced table is not on the search_path and then updating the join here to include them

It might not actually require an update to the rust source but TBD

@olirice olirice added enhancement New feature or request good first issue Good for newcomers and removed triage-required Pending triage from maintainers labels Nov 29, 2023
@olirice olirice changed the title Function not exposed Function returning table from non search_path schema Nov 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@olirice olirice

Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dvv @olirice