Updated AuthorizationValidationRule to skip authorization checks when the field is not included or skipped due to directives.

chris-nissen · chris-nissen · commit 79f89c2f2d4e · 2018-11-20T11:13:02.000-07:00
diff --git a/src/GraphQL.Authorization/AuthorizationValidationRule.cs b/src/GraphQL.Authorization/AuthorizationValidationRule.cs
@@ -1,4 +1,5 @@
-﻿using System.Linq;
+using System.Linq;
+using GraphQL.Execution;
 using GraphQL.Language.AST;
 using GraphQL.Types;
 using GraphQL.Validation;
@@ -49,7 +50,7 @@ public INodeVisitor Validate(ValidationContext context)
                 {
                     var fieldDef = context.TypeInfo.GetFieldDef();
 
-                    if (fieldDef == null) return;
+                    if (fieldDef == null || SkipAuthCheck(fieldAst, context)) return;
 
                     // check target field
                     CheckAuth(fieldAst, fieldDef, userContext, context, operationType);
@@ -59,6 +60,37 @@ public INodeVisitor Validate(ValidationContext context)
             });
         }
 
+        private bool SkipAuthCheck(Field fieldAst, ValidationContext context)
+        {
+            if (fieldAst.Directives == null || !fieldAst.Directives.Any()) return true;
+
+            var includeField = GetDirectiveValue(context, fieldAst.Directives, DirectiveGraphType.Include.Name);
+            if (includeField.HasValue) return !includeField.Value;
+
+            var skipField = GetDirectiveValue(context, fieldAst.Directives, DirectiveGraphType.Skip.Name);
+            if (skipField.HasValue) return skipField.Value;
+
+            return false;
+        }
+
+        private static bool? GetDirectiveValue(ValidationContext context, Directives directives, string directiveName)
+        {
+            var directive = directives.Find(directiveName);
+            if (directive == null) return null;
+
+            var operation = !string.IsNullOrWhiteSpace(context.OperationName)
+                ? context.Document.Operations.WithName(context.OperationName)
+                : context.Document.Operations.FirstOrDefault();
+            var values = ExecutionHelper.GetArgumentValues(
+                context.Schema,
+                DirectiveGraphType.Include.Arguments,
+                directive.Arguments,
+                ExecutionHelper.GetVariableValues(context.Document, context.Schema, operation?.Variables, context.Inputs));
+
+            values.TryGetValue("if", out object ifObj);
+            return bool.TryParse(ifObj?.ToString() ?? string.Empty, out bool ifVal) && ifVal;
+        }
+
         private void CheckAuth(
             INode node,
             IProvideMetadata type,
