Problem/Motivation

With recent security fixes in drupal/graphql module 4.6.0 there could be a breaking change with defined Thunder GraphQL schema.

The https://www.drupal.org/sa-contrib-2023-050 for drupal/graphql change its entity label dataproducer in a way, that when user do not have access to an entity it is also not showing its entity label anymore to such user and fall back to NULL. This is currently not allowed with defined Thunder GraphQL schema and could produce fatal errors in your GraphQL based applications.

Steps to reproduce

  1. Update to drupal/graphql:4.6.0 or higher
  2. Add an unpublished channel taxonomy_term entity
  3. Add a published article which is using this unpublished channel taxonomy_term entity via field_channel
  4. Request data of article with channel information as non-logged-in user via GraphQL

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#2 3401211-02.patch1022 bytesdaniel.bosen

Comments

IT-Cru created an issue. See original summary.

daniel.bosen’s picture

daniel.bosen
he/him
commented
StatusFileSize
new 3401211-02.patch1022 bytes

Does the patch help?

daniel.bosen’s picture

daniel.bosen
he/him
commented
Status: Active » Needs review
it-cru’s picture

it-cru
Primary language English
Location Munich
commented

@daniel.bosen: During first own testing attached patch resolve the issue for us with Thunder 6.5.x. Review and QA process is missing yet.

it-cru’s picture

it-cru
Primary language English
Location Munich
commented
Status: Needs review » Active

@daniel.bosen: QA process finished and we do not get errors from broken GraphQL schema anymore.

it-cru’s picture

it-cru
Primary language English
Location Munich
commented
Status: Active » Reviewed & tested by the community

  • daniel.bosen authored 86c108e8 on 7.1.x 
    Issue #3401211 by daniel.bosen, IT-Cru: Possible break of Thunder...

  • daniel.bosen authored 86c108e8 on feature/improve-thunder-menu-gqls 
    Issue #3401211 by daniel.bosen, IT-Cru: Possible break of Thunder...

  • daniel.bosen authored 86c108e8 on fix/3396526 
    Issue #3401211 by daniel.bosen, IT-Cru: Possible break of Thunder...

  • daniel.bosen authored 8864fc9b on 7.2.x 
    #3401211 Possible break of Thunder GraphQL schema with drupal/graphql:4....
chr.fritsch’s picture

chr.fritsch
he/him
Primary language German
Location 🇩🇪🇪🇺🌍
commented
Status: Reviewed & tested by the community » Fixed

  • daniel.bosen authored 8864fc9b on fix/3396526 
    #3401211 Possible break of Thunder GraphQL schema with drupal/graphql:4....

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.