graphile | graphics files | File Utils library

Based on investigation and trial-and-error, this seems to be something that is best solved with a custom function for updating posts.

An owner can use this function via GraphQL/Postgraphile:

Finally figured out a solution after visiting the NPM page for axe-cypress.

I found the solution to my problem!

I found that in my case the Access-Control-Allow-Origin error was due to my browser blocking the outward call to my API. My endpoint was never reached in the first place. So any configuration on the server level should not be done at this stage of the problem solving.

What I ended up doing is configuring a proxy in my Angular app.

My graphile server is listening on http://xxx.xxx.xxx.xxx:xxxx/graphql endpoint.

In the source root of my Angular app I created a file called proxy.conf.json:

I'm not positive, but I see a few things that might be causing this.

1. In your first code snippet, the only return statement is inside the callback function passed to then. So the create method does not return anything.

2. I looked at the src for typeORM... it looks like Repository.save() returns Promise (not Promise) when the input value is a single entity object (see Repository.ts). If this is the case, your GraphQL schema would be expecting this mutation to return an array of users, but the resolver is returning a single user.

Try changing the return type to Promise

GraphQL's top-down way of executing requests doesn't really lend itself to resolvers building up a query that would be executed once all resolvers are ran. In part, this is because the parent field's resolver has to complete execution before any child field resolvers are called. After all, they need to be called with the value that the parent resolved to.

If you had multiple calls to your datasource, it might make sense to split them across different resolvers. If you only need to make a single call to your datasource, though, doing so at the top level and using "lookahead" is the best approach. graphql-parse-resolve-info is an excellent library to help with that.

The only improvement over what you're doing now might be to move most of the logic for transforming the REST response into the resolvers for some of your non-root fields. In this way, you can gradually transform the parent value passed to each resolver as the execution moves through each "level" of your query.

For option 1, throwing an error from PostgreSQL during a query is not a good idea in PostGraphile because we compile the entire GraphQL tree into a single SQL query, so an error aborts the entire query. Instead, I would factor the permissions into the function and simply return null (rather than an error) if the user is not allowed to view it. One way to do this is with an additional WHERE clause:

Your don't say what a guest is, but your approach seems wrong.

Rather than disabling your checks on a low level, which gives you a bad feeling for good reasons, you should choose one of the following approaches:

• fix your policies to allow the necessary operation (perhaps by adding a permissive policy)

• have certain operations performed by a SECURITY DEFINER function that belongs to a user not subject to the restrictions.

If you insist on a trigger based solution, you have to use a BEFORE trigger. Also, consider that you cannot use parameterss with a SET statement. You'd either have to use dynamic SQL or (better) use a function:

This change is performed by PostGraphile's inflector; however it doesn't always get it right (e.g. in this case) but fortunately it's possible to override it with a small plugin.

In this case, it's probably best to add specific exceptions to the pluralize and singularize functions; you can do this using makeAddInflectorsPlugin from our inflection system. Be sure to pass true as the second argument so that the system knows you're deliberately overwriting the inflectors.

If you want to modify your resolver based on the requested selection set, there's really only one way to do that and that's to parse the AST of the requested query. In my experience, graphql-parse-resolve-info is the most complete solution for making that parsing less painful.

I imagine this isn't as common of an issue as you'd think because I imagine most folks fall into one of two groups:

• Users of frameworks or libraries like Postgraphile, Hasaura, Prisma, Join Monster, etc. which take care of optimizations like these for you (at least on the database side).
• Users who are not concerned about overfetching on the server-side and just request all columns regardless of the selection set.

In the latter case, fields that represent associations are given their own resolvers, so those subsequent calls to the database won't be fired unless they are actually requested. Data Loader is then used to help batch all these extra calls to the database. Ditto for fields that end up calling some other data source, like a REST API.

In this particular case, Data Loader would not be much help to you. The best approach is to have a single resolver for getUser that fetches the user details from the database and the REST endpoint. You can then, as you're already planning, adjust those calls (or skip them altogether) based on the requested fields. This can be cumbersome, but will work as expected.

The alternative to this approach is to simple fetch everything, but use caching to reduce the number of calls to your database and REST API. This way, you'll fetch the complete user each time, but you'll do so from memory unless the cache is invalidated or expires. This is more memory-intensive, and cache invalidation is always tricky, but it does simply your resolver logic significantly.