Merge pull request #1351 from rrdelaney/rrdelaney/bind-auth-scope-loa…

…ders

Bind auth scope loaders to scopes object

.changeset/nervous-shoes-grin.md

@@ -0,0 +1,5 @@
+---
+"@pothos/plugin-scope-auth": patch
+---
+
+Bind `authScopes` loaders to returned provider

packages/plugin-scope-auth/src/request-cache.ts

@@ -159,14 +159,15 @@ export default class RequestCache<Types extends SchemaTypes> {
     const key = this.cacheKey ? this.cacheKey(arg) : arg;
 
     if (!cache.has(key)) {
-      const loader = scopes[name];
+      let loader = scopes[name];
 
       if (typeof loader !== 'function') {
         throw new PothosValidationError(
           `Attempted to evaluate scope ${String(name)} as scope loader, but it is not a function`,
         );
       }
 
+      loader = loader.bind(scopes);
       let result: MaybePromise<boolean>;
 
       if (this.treatErrorsAsUnauthorized) {

packages/plugin-scope-auth/tests/__snapshots__/index.test.ts.snap

@@ -169,6 +169,7 @@ type Query {
   forAsyncPermission: String
   forAsyncPermissionFn(permission: String): String
   forBooleanFn(result: Boolean!): String
+  forBoundPermission: String
   forSyncPermission: String
   forSyncPermissionFn(permission: String): String
   grantedFromRoot: String

packages/plugin-scope-auth/tests/example/builder.ts

@@ -11,17 +11,20 @@ interface Context {
   count?: (name: string) => void;
 }
 
+interface AuthScopes {
+  loggedIn: boolean;
+  admin: boolean;
+  syncPermission: string;
+  asyncPermission: string;
+  boundPermission: boolean;
+}
+
 const builder = new SchemaBuilder<{
   Context: Context;
   Interfaces: {
     StringInterface: {};
   };
-  AuthScopes: {
-    loggedIn: boolean;
-    admin: boolean;
-    syncPermission: string;
-    asyncPermission: string;
-  };
+  AuthScopes: AuthScopes;
   AuthContexts: {
     loggedIn: Context & { user: User; isLoggedIn: true };
     admin: Context & { user: User; isAdmin: true };
@@ -59,6 +62,9 @@ const builder = new SchemaBuilder<{
 
           return await !!context.user?.permissions.includes(perm);
         },
+        boundPermission(this: AuthScopes) {
+          return this.admin;
+        },
       };
     },
   },

packages/plugin-scope-auth/tests/example/schema/index.ts

@@ -441,6 +441,12 @@ builder.queryType({
       },
       resolve: () => 'ok',
     }),
+    forBoundPermission: t.string({
+      authScopes: {
+        boundPermission: true,
+      },
+      resolve: () => 'ok',
+    }),
     forAll: t.string({
       authScopes: {
         $all: {

packages/plugin-scope-auth/tests/field-auth-scopes.test.ts

@@ -198,6 +198,62 @@ describe('queries for field authScopes with', () => {
     `);
   });
 
+  it('field scope with bound loader', async () => {
+    const query = gql`
+      query {
+        forBoundPermission
+      }
+    `;
+
+    const result = await execute({
+      schema: exampleSchema,
+      document: query,
+      contextValue: {
+        user: new User({
+          'x-user-id': '1',
+          'x-roles': 'admin',
+        }),
+      },
+    });
+
+    expect(result).toMatchInlineSnapshot(`
+      {
+        "data": {
+          "forBoundPermission": "ok",
+        },
+      }
+    `);
+  });
+
+  it('field scope with bound loader (unauthorized)', async () => {
+    const query = gql`
+      query {
+        forBoundPermission
+      }
+    `;
+
+    const result = await execute({
+      schema: exampleSchema,
+      document: query,
+      contextValue: {
+        user: new User({
+          'x-user-id': '1',
+        }),
+      },
+    });
+
+    expect(result).toMatchInlineSnapshot(`
+      {
+        "data": {
+          "forBoundPermission": null,
+        },
+        "errors": [
+          [GraphQLError: Not authorized to resolve Query.forBoundPermission],
+        ],
+      }
+    `);
+  });
+
   it('field with $any (sync)', async () => {
     const query = gql`
       query {