Updated AuthorizationValidationRule to skip authorization checks when the field is not included or skipped due to directives.

chris-nissen · chris-nissen · commit ed076b6cbe5f · 2021-01-27T11:12:57.000-07:00
diff --git a/src/GraphQL.Authorization/AuthorizationValidationRule.cs b/src/GraphQL.Authorization/AuthorizationValidationRule.cs
@@ -1,4 +1,6 @@
+using System.Linq;
 using System.Threading.Tasks;
+using GraphQL.Execution;
 using GraphQL.Language.AST;
 using GraphQL.Types;
 using GraphQL.Validation;
@@ -49,7 +51,7 @@ public Task<INodeVisitor> ValidateAsync(ValidationContext context)
                 {
                     var fieldDef = context.TypeInfo.GetFieldDef();
 
-                    if (fieldDef == null)
+                    if (fieldDef == null || SkipAuthCheck(fieldAst, context)) 
                         return;
 
                     // check target field
@@ -60,6 +62,37 @@ public Task<INodeVisitor> ValidateAsync(ValidationContext context)
             }));
         }
 
+        private bool SkipAuthCheck(Field fieldAst, ValidationContext context)
+        {
+            if (fieldAst.Directives == null || !fieldAst.Directives.Any()) return true;
+
+            var includeField = GetDirectiveValue(context, fieldAst.Directives, DirectiveGraphType.Include.Name);
+            if (includeField.HasValue) return !includeField.Value;
+
+            var skipField = GetDirectiveValue(context, fieldAst.Directives, DirectiveGraphType.Skip.Name);
+            if (skipField.HasValue) return skipField.Value;
+
+            return false;
+        }
+
+        private static bool? GetDirectiveValue(ValidationContext context, Directives directives, string directiveName)
+        {
+            var directive = directives.Find(directiveName);
+            if (directive == null) return null;
+
+            var operation = !string.IsNullOrWhiteSpace(context.OperationName)
+                ? context.Document.Operations.WithName(context.OperationName)
+                : context.Document.Operations.FirstOrDefault();
+            var values = ExecutionHelper.GetArgumentValues(
+                context.Schema,
+                DirectiveGraphType.Include.Arguments,
+                directive.Arguments,
+                ExecutionHelper.GetVariableValues(context.Document, context.Schema, operation?.Variables, context.Inputs));
+
+            values.TryGetValue("if", out object ifObj);
+            return bool.TryParse(ifObj?.ToString() ?? string.Empty, out bool ifVal) && ifVal;
+        }
+
         private void CheckAuth(
             INode node,
             IProvideMetadata type,
