fix: allow unauthenticated operations in seed script

core/api_test.go

@@ -19,7 +19,7 @@ func BenchmarkGraphQL(b *testing.B) {
 	defer db.Close()
 
 	// mock.ExpectQuery(`^SELECT jsonb_build_object`).WithArgs()
-	c := &Config{DefaultBlock: true}
+	c := &Config{}
 	sg, err := newSuperGraph(c, db, psql.GetTestDBInfo())
 	if err != nil {
 		b.Fatal(err)

core/config.go

@@ -30,11 +30,12 @@ type Config struct {
 	// or other database functions
 	SetUserID bool `mapstructure:"set_user_id"`
 
-	// DefaultBlock ensures only tables configured under the `anon` role
-	// config can be queries if the `anon` role. For example if the table
-	// `users` is not listed under the anon role then it will be filtered
-	// out of any unauthenticated queries that mention it.
-	DefaultBlock bool `mapstructure:"default_block"`
+	// DefaultAllow reverses the blocked by default behaviour for queries in
+	// anonymous mode. (anon role)
+	// For example if the table `users` is not listed under the anon role then
+	// access to it would by default for unauthenticated queries this reverses
+	// this behavior (!!! Use with caution !!!!)
+	DefaultAllow bool `mapstructure:"default_allow"`
 
 	// Vars is a map of hardcoded variables that can be leveraged in your
 	// queries (eg variable admin_id will be $admin_id in the query)

core/core.go

@@ -93,8 +93,7 @@ func (sg *SuperGraph) initCompilers() error {
 	}
 
 	sg.qc, err = qcode.NewCompiler(qcode.Config{
-		DefaultBlock: sg.conf.DefaultBlock,
-		Blocklist:    sg.conf.Blocklist,
+		Blocklist: sg.conf.Blocklist,
 	})
 	if err != nil {
 		return err

core/init.go

@@ -70,8 +70,8 @@ func (sg *SuperGraph) initConfig() error {
 		sg.roles["user"] = &ur
 	}
 
-	// If anon role is not defined and DefaultBlock is not then then create it
-	if _, ok := sg.roles["anon"]; !ok && !c.DefaultBlock {
+	// If anon role is not defined then create it
+	if _, ok := sg.roles["anon"]; !ok {
 		ur := Role{
 			Name: "anon",
 			tm:   make(map[string]*RoleTable),
@@ -206,7 +206,7 @@ func addForeignKey(di *psql.DBInfo, c Column, t Table) error {
 func addRoles(c *Config, qc *qcode.Compiler) error {
 	for _, r := range c.Roles {
 		for _, t := range r.Tables {
-			if err := addRole(qc, r, t); err != nil {
+			if err := addRole(qc, r, t, c.DefaultAllow); err != nil {
 				return err
 			}
 		}
@@ -215,9 +215,13 @@ func addRoles(c *Config, qc *qcode.Compiler) error {
 	return nil
 }
 
-func addRole(qc *qcode.Compiler, r Role, t RoleTable) error {
+func addRole(qc *qcode.Compiler, r Role, t RoleTable, defaultAllow bool) error {
 	ro := true // read-only
 
+	if defaultAllow {
+		ro = false
+	}
+
 	if r.Name != "anon" {
 		ro = false
 	}

core/internal/integration_tests/integration_tests.go

@@ -50,7 +50,7 @@ func DropSchema(t *testing.T, db *sql.DB) {
 }
 
 func TestSuperGraph(t *testing.T, db *sql.DB, before func(t *testing.T)) {
-	config := core.Config{DefaultBlock: true}
+	config := core.Config{}
 	config.UseAllowList = false
 	config.AllowListFile = "./allow.list"
 	config.RolesQuery = `SELECT * FROM users WHERE id = $user_id`

core/internal/qcode/config.go

@@ -7,8 +7,7 @@ import (
 )
 
 type Config struct {
-	Blocklist    []string
-	DefaultBlock bool
+	Blocklist []string
 }
 
 type QueryConfig struct {

core/internal/qcode/qcode.go

@@ -180,7 +180,7 @@ var expPool = sync.Pool{
 }
 
 func NewCompiler(c Config) (*Compiler, error) {
-	co := &Compiler{db: c.DefaultBlock}
+	co := &Compiler{}
 	co.tr = make(map[string]map[string]*trval)
 	co.bl = make(map[string]struct{}, len(c.Blocklist))