- Authorization: when a
fallback:configuration is given, apply it to each field which doesn't have a configuration of its own or from its return type. Don't apply that configuration at schema level (it's applied to each otherwise uncovered field instead).
- Support Mongoid::Criteria in authorization scoping
- Fix authorization code for when
ActiveRecordis not defined
- Use a more permissive regexp (
/^\s*((?:[a-z._]+)\(.*\))\s*(asc|desc)?\s*$/im) to parse SQL functions
- Fix route helpers to support class-based schemas
- Support
1.8-preversions of GraphQL-Ruby
- Fix OperationStore when other query instrumenters need
.query_string
- Support
LEAST(...)in stable cursors
- Support
CASE ... ENDin stable cursors
- Support
FIELD(...)in stable cursors
- Improve detection of
OperationStorefor the dashboard - Serve
Content-TypeandContent-Lengthheaders with dashboard pages - Better
Dashboard#inspectfor Rails routes output - Use a string to apply order-by-primary-key for better Rails 3 support
- Support
composite_primary_keysgem
GraphQL::Pro::UIrenamed toGraphQL::Pro::Dashboard
- Routing method
.uiwas renamed to.dashboard
- Added
GraphQL::Pro::Subscriptions - Added subscriptions component to Dashboard
- Don't crash when scoping lists of abstract types with Pundit
- Use
authorize(:pundit, namespace: )to lookup policies in a namespace instead of the global namespace.
- Introspection data is allowed through
fallback:authorize:andaccess:filters. (It can be hidden with aview:filter.)
- Properly return
nilwhen a list of authorized objects returnsnil
- Add
authorization(..., operation_store:)option for authorizing operation store requests
- Support
ConnectionType.bidrectional_pagination?in stable RelationConnection
- Fix load issue when Rails is not present
-
Fix OperationStore views on PostgresQL
-
Fix stable cursors when joined tables have the same column names
Note: This is implemented by adding extra fields to the
SELECTclause with aliases likecursor_#{idx}, so you'll notice this in your SQL logs.
- Bump
graphqldependency to1.6
- Routing extensions moved to
using GraphQL::Pro::Routes
- Deprecate
using GraphQL::Pro, move extensions toGraphQL::Pro::Routes
- Add
GraphQL::Pro::OperationStorefor persisted queries with Rails
- Update
authorizationto use type-levelresolve_typehooks
- Update authorization instrumentation for
graphql >= 1.6.5
- Fix typo in RelationConnection source
- Correctly fall back to offset-based cursors with
before:argument
- Add
Schema#unauthorized_object(obj, ctx)hook for failed runtime checks
- Prevent usage of
parent_role:withview:oraccess:(since parent role requires a runtime check) - Fix versioned, encrypted cursors with 16-byte legacy cursors
OrderedRelationConnectionsupports ordering by joined fields
- Update auth plugin for new Relay instrumenters
Pro::Encodersupportsencoder(...)as documented
- Fix compatibility of
RelationConnectionandRangeAddhelper
- Add
:datadogmonitoring
ActiveRecord::Relations can be scoped by PunditScopes, CanCanaccessible_by, or custom strategy's#scope(gate, relation)methods- Default authorization configuration can be provided with
authorization(..., fallback: { ... }) - Authorization's
:current_userkey can be customized withauthorization(..., current_user: ...)
- Serve static, persisted queries with
GraphQL::Pro::Repository
- Fix compatibility of
RelationConnectionandRangeAddhelper
- Raise
GraphQL::Pro::RelationConnection::InvalidRelationErrorwhen a grouped, unordered relation is returned from a field. (This relation can't be stably paginated.)
- Formally support ActiveRecord
>= 4.1.0
- Support grouped relations in
GraphQL::Pro::RelationConnection
-
Authorize fields based on their parent object, for example:
AccountType = GraphQL::ObjectType.define do name "Account" # This field is visible to all users: field :name, types.String # This is only visible when the current user is an `:owner` # of this account field :account_balance, types.Int, authorize: { parent_role: :owner } end
- Fix monitoring when
Query#selected_operationis nil
- Add AppSignal monitoring platform
- Add type- and field-level opting in and opting out of monitoring
- Add
monitor_scalars: falseto skip monitoring on scalars
- Fix
OrderedRelationConnectionwhen neitherfirstnorlastare provided (usemax_page_sizeor don't limit)
OrderedRelationConnectionexposes more metadata methods:parent,field,arguments,max_page_size,first,after,last,before
- When an authorization check fails on a non-null field, propagate the null and add a response to the errors key (as if the field had returned null). It previously leaked the internal symbol
__graphql_pro_access_not_allowed__. - Apply a custom Pundit policy even when the value isn't
nil. (It previously fell back toPundit.policy, skipping apundit_policy_nameconfiguration.)
OrderedRelationConnectionexposes the underlying relation as#nodes(likeRelationConnectiondoes), supporting custom connection fields.
-
CanCan integration now supports a custom
Abilityclass with theability_class:option:authorize :cancan, ability_class: CustomAbility
GraphQL::Proreleased