diff --git a/.changeset/friendly-timers-bathe.md b/.changeset/friendly-timers-bathe.md new file mode 100644 index 00000000000..961a6d9f2b0 --- /dev/null +++ b/.changeset/friendly-timers-bathe.md @@ -0,0 +1,5 @@ +--- +'@keystone-next/keystone': patch +--- + +Updated items API to handle static `false` access control. diff --git a/packages-next/keystone/src/lib/getCoerceAndValidateArgumentsFnForGraphQLField.ts b/packages-next/keystone/src/lib/getCoerceAndValidateArgumentsFnForGraphQLField.ts index a937f030c5a..f80ad8eb337 100644 --- a/packages-next/keystone/src/lib/getCoerceAndValidateArgumentsFnForGraphQLField.ts +++ b/packages-next/keystone/src/lib/getCoerceAndValidateArgumentsFnForGraphQLField.ts @@ -43,8 +43,9 @@ function getTypeNodeForType(type: GraphQLType): TypeNode { export function getCoerceAndValidateArgumentsFnForGraphQLField( schema: GraphQLSchema, - field: GraphQLField + field?: GraphQLField ) { + if (!field) return; const variableDefintions: VariableDefinitionNode[] = []; for (const arg of field.args) { diff --git a/packages-next/keystone/src/lib/itemAPI.ts b/packages-next/keystone/src/lib/itemAPI.ts index 6d4493379ff..27a66345d47 100644 --- a/packages-next/keystone/src/lib/itemAPI.ts +++ b/packages-next/keystone/src/lib/itemAPI.ts @@ -43,6 +43,7 @@ export function itemAPIForList( const listKey = list.key; return { findOne({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.findOne) throw new Error('You do not have access to this resource'); const args = getArgs.findOne(rawArgs) as { where: { id: string } }; if (resolveFields) { return getItem({ listKey, context, returnFields: resolveFields, itemId: args.where.id }); @@ -51,6 +52,7 @@ export function itemAPIForList( } }, findMany({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.findMany) throw new Error('You do not have access to this resource'); const args = getArgs.findMany(rawArgs); if (resolveFields) { return getItems({ listKey, context, returnFields: resolveFields, ...args }); @@ -59,10 +61,12 @@ export function itemAPIForList( } }, async count(rawArgs) { - const args = getArgs.count(rawArgs); + if (!getArgs.count) throw new Error('You do not have access to this resource'); + const args = getArgs.count(rawArgs!); return (await list.listQueryMeta(args, context)).getCount(); }, createOne({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.createOne) throw new Error('You do not have access to this resource'); const { data } = getArgs.createOne(rawArgs); if (resolveFields) { return createItem({ listKey, context, returnFields: resolveFields, item: data }); @@ -71,6 +75,7 @@ export function itemAPIForList( } }, createMany({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.createMany) throw new Error('You do not have access to this resource'); const { data } = getArgs.createMany(rawArgs); if (resolveFields) { return createItems({ listKey, context, returnFields: resolveFields, items: data }); @@ -79,6 +84,7 @@ export function itemAPIForList( } }, updateOne({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.updateOne) throw new Error('You do not have access to this resource'); const { id, data } = getArgs.updateOne(rawArgs); if (resolveFields) { return updateItem({ listKey, context, returnFields: resolveFields, item: { id, data } }); @@ -87,6 +93,7 @@ export function itemAPIForList( } }, updateMany({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.updateMany) throw new Error('You do not have access to this resource'); const { data } = getArgs.updateMany(rawArgs); if (resolveFields) { return updateItems({ listKey, context, returnFields: resolveFields, items: data }); @@ -95,6 +102,7 @@ export function itemAPIForList( } }, deleteOne({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.deleteOne) throw new Error('You do not have access to this resource'); const { id } = getArgs.deleteOne(rawArgs); if (resolveFields) { return deleteItem({ listKey, context, returnFields: resolveFields, itemId: id }); @@ -103,6 +111,7 @@ export function itemAPIForList( } }, deleteMany({ resolveFields = 'id', ...rawArgs }) { + if (!getArgs.deleteMany) throw new Error('You do not have access to this resource'); const { ids } = getArgs.deleteMany(rawArgs); if (resolveFields) { return deleteItems({ listKey, context, returnFields: resolveFields, items: ids }); diff --git a/packages-next/keystone/src/lib/schema-type-printer.tsx b/packages-next/keystone/src/lib/schema-type-printer.tsx index 3990e9d0e87..9db47d976b4 100644 --- a/packages-next/keystone/src/lib/schema-type-printer.tsx +++ b/packages-next/keystone/src/lib/schema-type-printer.tsx @@ -133,6 +133,7 @@ export function printGeneratedTypes( const { gqlNames } = list; let listTypeInfoName = `${listKey}ListTypeInfo`; + const listQuery = queryNodeFieldsByName[gqlNames.listQueryName]; printedTypes += ` export type ${listTypeInfoName} = { key: ${JSON.stringify(listKey)}; @@ -146,7 +147,11 @@ export type ${listTypeInfoName} = { update: ${gqlNames.updateInputName}; }; args: { - listQuery: ${printArgs(queryNodeFieldsByName[gqlNames.listQueryName].arguments!)} + listQuery: ${ + listQuery + ? printArgs(listQuery.arguments!) + : 'import("@keystone-next/types").BaseGeneratedListTypes["args"]["listQuery"]' + } }; };