zammad_schema.rb 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. class Gql::ZammadSchema < GraphQL::Schema
  3. mutation Gql::EntryPoints::Mutations
  4. query Gql::EntryPoints::Queries
  5. subscription Gql::EntryPoints::Subscriptions
  6. context_class Gql::Context::CurrentUserAware
  7. use GraphQL::Subscriptions::ActionCableSubscriptions, broadcast: true, default_broadcastable: false
  8. # Enable batch loading
  9. use GraphQL::Batch
  10. description 'This is the Zammad GraphQL API'
  11. # Set default limits to protect the system. Values may need to be adjusted in future.
  12. default_max_page_size 2000
  13. default_page_size 100
  14. max_complexity 10_000
  15. # Depth of 15 is needed for commmon introspection queries like Insomnia.
  16. max_depth 15
  17. TYPE_MAP = {
  18. ::Store => ::Gql::Types::StoredFileType
  19. }.freeze
  20. # Union and Interface Resolution
  21. def self.resolve_type(_abstract_type, obj, _ctx)
  22. TYPE_MAP[obj.class] || "Gql::Types::#{obj.class.name}Type".constantize
  23. rescue
  24. raise GraphQL::RequiredImplementationMissingError, "Cannot resolve type for '#{obj.class.name}'."
  25. end
  26. # Relay-style Object Identification:
  27. # Return a string UUID for the internal ID.
  28. def self.id_from_internal_id(klass, internal_id)
  29. GlobalID.new(::URI::GID.build(app: GlobalID.app, model_name: klass.to_s, model_id: internal_id)).to_s
  30. end
  31. # Return a string UUID for `object`
  32. def self.id_from_object(object, _type_definition = nil, _query_ctx = nil)
  33. object.to_global_id.to_s
  34. end
  35. # Given a string UUID, find the object.
  36. def self.object_from_id(id, _query_ctx = nil, type: ActiveRecord::Base)
  37. GlobalID.find(id, only: type)
  38. end
  39. # Find the object, but also ensure its type and that it was actually found.
  40. def self.verified_object_from_id(id, type:)
  41. object_from_id(id, type: type) || raise(ActiveRecord::RecordNotFound, "Could not find #{type} #{id}")
  42. end
  43. # Like .verified_object_from_id, but with additional Pundit autorization.
  44. # This is only needed for objects where no validation takes place through their GraphQL type.
  45. def self.authorized_object_from_id(id, type:, user:, query: :show?)
  46. verified_object_from_id(id, type: type).tap do |object|
  47. Pundit.authorize user, object, query
  48. rescue Pundit::NotAuthorizedError => e
  49. # Map Pundit errors since we are not in a GraphQL built-in authorization context here.
  50. raise Exceptions::Forbidden, e.message
  51. end
  52. end
  53. def self.unauthorized_object(error)
  54. raise Exceptions::Forbidden, error.message # Add a top-level error to the response instead of returning nil.
  55. end
  56. def self.unauthorized_field(error)
  57. raise Exceptions::Forbidden, error.message # Add a top-level error to the response instead of returning nil.
  58. end
  59. RETHROWABLE_ERRORS = [GraphQL::ExecutionError, ArgumentError, IndexError, NameError, RangeError, RegexpError, SystemCallError, ThreadError, TypeError, ZeroDivisionError].freeze
  60. # Post-process errors and enrich them with meta information for processing on the client side.
  61. rescue_from(StandardError) do |err, _obj, _args, ctx, field|
  62. if field&.path&.start_with?('Mutations.')
  63. user_locale = ctx.current_user?&.locale
  64. case err
  65. when ActiveRecord::RecordInvalid
  66. next { errors: build_record_invalid_errors(err.record, user_locale) }
  67. when ActiveRecord::RecordNotUnique
  68. next { errors: [ message: Translation.translate(user_locale, 'This object already exists.') ] }
  69. end
  70. end
  71. # Re-throw built-in errors that point to programming errors rather than problems with input or data - causes GraphQL processing to be aborted.
  72. RETHROWABLE_ERRORS.each do |klass|
  73. raise err if err.instance_of?(klass)
  74. end
  75. extensions = {
  76. type: err.class.name,
  77. }
  78. if Rails.env.development? || Rails.env.test?
  79. extensions[:backtrace] = Rails.backtrace_cleaner.clean(err.backtrace)
  80. end
  81. # We need to throw an ExecutionError, all others would cause the GraphQL processing to die.
  82. raise GraphQL::ExecutionError.new(err.message, extensions: extensions)
  83. end
  84. def self.build_record_invalid_errors(record, user_locale)
  85. record.errors.map do |e|
  86. field_name = e.attribute.to_s.camelize(:lower)
  87. {
  88. field: field_name == 'base' ? nil : field_name,
  89. message: e.localized_full_message(locale: user_locale, no_field_name: true)
  90. }
  91. end
  92. end
  93. private_class_method :build_record_invalid_errors
  94. end