Safe Haskell	None
Language	Haskell2010

Hasura.RQL.Types.Allowlist

Synopsis

newtype DropCollectionFromAllowlist = DropCollectionFromAllowlist {
- _dcfaCollection :: CollectionName
}
data AllowlistScope
- = AllowlistScopeGlobal
- | AllowlistScopeRoles (NonEmpty RoleName)
data AllowlistEntry = AllowlistEntry {
- aeCollection :: CollectionName
- aeScope :: AllowlistScope
}
newtype UpdateScopeOfCollectionInAllowlist = UpdateScopeOfCollectionInAllowlist AllowlistEntry
type MetadataAllowlist = InsOrdHashMap CollectionName AllowlistEntry
metadataAllowlistInsert :: AllowlistEntry -> MetadataAllowlist -> Either Text MetadataAllowlist
metadataAllowlistUpdateScope :: AllowlistEntry -> MetadataAllowlist -> Either Text MetadataAllowlist
metadataAllowlistAllCollections :: MetadataAllowlist -> [CollectionName]
newtype NormalizedQuery = NormalizedQuery {
- unNormalizedQuery :: ExecutableDocument Name
}
normalizeQuery :: ExecutableDocument Name -> NormalizedQuery
data InlinedAllowlist = InlinedAllowlist {
- iaGlobal :: HashSet NormalizedQuery
- iaPerRole :: HashMap RoleName (HashSet NormalizedQuery)
}
inlineAllowlist :: QueryCollections -> MetadataAllowlist -> InlinedAllowlist
data AllowlistMode
- = AllowlistModeGlobalOnly
- | AllowlistModeFull
allowlistAllowsQuery :: InlinedAllowlist -> AllowlistMode -> RoleName -> ExecutableDocument Name -> Bool

Documentation

newtype DropCollectionFromAllowlist Source #

Constructors

DropCollectionFromAllowlist
Fields _dcfaCollection :: CollectionName

Instances

Instances details

Eq DropCollectionFromAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods (==) :: DropCollectionFromAllowlist -> DropCollectionFromAllowlist -> Bool # (/=) :: DropCollectionFromAllowlist -> DropCollectionFromAllowlist -> Bool #
Show DropCollectionFromAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods showsPrec :: Int -> DropCollectionFromAllowlist -> ShowS # show :: DropCollectionFromAllowlist -> String # showList :: [DropCollectionFromAllowlist] -> ShowS #
FromJSON DropCollectionFromAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods parseJSON :: Value -> Parser DropCollectionFromAllowlist parseJSONList :: Value -> Parser [DropCollectionFromAllowlist]
ToJSON DropCollectionFromAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods toJSON :: DropCollectionFromAllowlist -> Value toEncoding :: DropCollectionFromAllowlist -> Encoding toJSONList :: [DropCollectionFromAllowlist] -> Value toEncodingList :: [DropCollectionFromAllowlist] -> Encoding

data AllowlistScope Source #

Constructors

AllowlistScopeGlobal
AllowlistScopeRoles (NonEmpty RoleName)

Instances

Instances details

Eq AllowlistScope Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods (==) :: AllowlistScope -> AllowlistScope -> Bool # (/=) :: AllowlistScope -> AllowlistScope -> Bool #
Show AllowlistScope Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods showsPrec :: Int -> AllowlistScope -> ShowS # show :: AllowlistScope -> String # showList :: [AllowlistScope] -> ShowS #
Generic AllowlistScope Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Associated Types type Rep AllowlistScope :: Type -> Type # Methods from :: AllowlistScope -> Rep AllowlistScope x # to :: Rep AllowlistScope x -> AllowlistScope #
FromJSON AllowlistScope Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods parseJSON :: Value -> Parser AllowlistScope parseJSONList :: Value -> Parser [AllowlistScope]
ToJSON AllowlistScope Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods toJSON :: AllowlistScope -> Value toEncoding :: AllowlistScope -> Encoding toJSONList :: [AllowlistScope] -> Value toEncodingList :: [AllowlistScope] -> Encoding
type Rep AllowlistScope Source #
Instance details Defined in Hasura.RQL.Types.Allowlist type Rep AllowlistScope = D1 ('MetaData "AllowlistScope" "Hasura.RQL.Types.Allowlist" "graphql-engine-1.0.0-inplace" 'False) (C1 ('MetaCons "AllowlistScopeGlobal" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "AllowlistScopeRoles" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (NonEmpty RoleName))))

data AllowlistEntry Source #

Constructors

AllowlistEntry
Fields aeCollection :: CollectionName aeScope :: AllowlistScope

Instances

Instances details

Eq AllowlistEntry Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods (==) :: AllowlistEntry -> AllowlistEntry -> Bool # (/=) :: AllowlistEntry -> AllowlistEntry -> Bool #
Show AllowlistEntry Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods showsPrec :: Int -> AllowlistEntry -> ShowS # show :: AllowlistEntry -> String # showList :: [AllowlistEntry] -> ShowS #
Generic AllowlistEntry Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Associated Types type Rep AllowlistEntry :: Type -> Type # Methods from :: AllowlistEntry -> Rep AllowlistEntry x # to :: Rep AllowlistEntry x -> AllowlistEntry #
FromJSON AllowlistEntry Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods parseJSON :: Value -> Parser AllowlistEntry parseJSONList :: Value -> Parser [AllowlistEntry]
ToJSON AllowlistEntry Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods toJSON :: AllowlistEntry -> Value toEncoding :: AllowlistEntry -> Encoding toJSONList :: [AllowlistEntry] -> Value toEncodingList :: [AllowlistEntry] -> Encoding
type Rep AllowlistEntry Source #
Instance details Defined in Hasura.RQL.Types.Allowlist type Rep AllowlistEntry = D1 ('MetaData "AllowlistEntry" "Hasura.RQL.Types.Allowlist" "graphql-engine-1.0.0-inplace" 'False) (C1 ('MetaCons "AllowlistEntry" 'PrefixI 'True) (S1 ('MetaSel ('Just "aeCollection") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 CollectionName) :*: S1 ('MetaSel ('Just "aeScope") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 AllowlistScope)))

newtype UpdateScopeOfCollectionInAllowlist Source #

Wrap AllowlistEntry with a FromJSON instance that requires scope to be set.

Constructors

UpdateScopeOfCollectionInAllowlist AllowlistEntry

Instances

Instances details

FromJSON UpdateScopeOfCollectionInAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods parseJSON :: Value -> Parser UpdateScopeOfCollectionInAllowlist parseJSONList :: Value -> Parser [UpdateScopeOfCollectionInAllowlist]

type MetadataAllowlist = InsOrdHashMap CollectionName AllowlistEntry Source #

metadataAllowlistInsert :: AllowlistEntry -> MetadataAllowlist -> Either Text MetadataAllowlist Source #

metadataAllowlistUpdateScope :: AllowlistEntry -> MetadataAllowlist -> Either Text MetadataAllowlist Source #

metadataAllowlistAllCollections :: MetadataAllowlist -> [CollectionName] Source #

Produce a list of all collections in the allowlist. This is used in runDropCollection to function to ensure that we don't delete any collections which are referred to in the allowlist.

newtype NormalizedQuery Source #

A query stripped of typenames. A query is allowed if it occurs in an allowed query collection after normalization.

Compare docsgraphqlcoredeploymentallow-list.rst.

Constructors

NormalizedQuery
Fields unNormalizedQuery :: ExecutableDocument Name

Instances

Instances details

Eq NormalizedQuery Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods (==) :: NormalizedQuery -> NormalizedQuery -> Bool # (/=) :: NormalizedQuery -> NormalizedQuery -> Bool #
Show NormalizedQuery Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods showsPrec :: Int -> NormalizedQuery -> ShowS # show :: NormalizedQuery -> String # showList :: [NormalizedQuery] -> ShowS #
Hashable NormalizedQuery Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods hashWithSalt :: Int -> NormalizedQuery -> Int hash :: NormalizedQuery -> Int
ToJSON NormalizedQuery Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods toJSON :: NormalizedQuery -> Value toEncoding :: NormalizedQuery -> Encoding toJSONList :: [NormalizedQuery] -> Value toEncodingList :: [NormalizedQuery] -> Encoding

normalizeQuery :: ExecutableDocument Name -> NormalizedQuery Source #

Normalize query for comparison by stripping type names.

data InlinedAllowlist Source #

InlinedAllowlist is the data type with which the allowlist is represented in the schema cache, it contains a global and a per role allowlist and when allowlist is enabled in the graphql-engine, the incoming query for a non-admin role should either be in the global allowlist or in the given role's role based allowlist.

Essentially, it's a memoization of allowlistAllowsQuery implemented in terms of MetadataAllowlist.

Constructors

InlinedAllowlist
Fields iaGlobal :: HashSet NormalizedQuery iaPerRole :: HashMap RoleName (HashSet NormalizedQuery)

Instances

Instances details

Eq InlinedAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods (==) :: InlinedAllowlist -> InlinedAllowlist -> Bool # (/=) :: InlinedAllowlist -> InlinedAllowlist -> Bool #
Show InlinedAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods showsPrec :: Int -> InlinedAllowlist -> ShowS # show :: InlinedAllowlist -> String # showList :: [InlinedAllowlist] -> ShowS #
ToJSON InlinedAllowlist Source #
Instance details Defined in Hasura.RQL.Types.Allowlist Methods toJSON :: InlinedAllowlist -> Value toEncoding :: InlinedAllowlist -> Encoding toJSONList :: [InlinedAllowlist] -> Value toEncodingList :: [InlinedAllowlist] -> Encoding

inlineAllowlist :: QueryCollections -> MetadataAllowlist -> InlinedAllowlist Source #

data AllowlistMode Source #

The mode in which the allowlist functions. In global mode, collections with non-global scope are ignored.

Constructors

AllowlistModeGlobalOnly
AllowlistModeFull

allowlistAllowsQuery :: InlinedAllowlist -> AllowlistMode -> RoleName -> ExecutableDocument Name -> Bool Source #