fix: vars not sanitized in roles_query

README.md

@@ -15,10 +15,7 @@ Designed to 100x your developer productivity. Super Graph will instantly and wit
 ## Using it as a service
 
 ```console
-git clone https://github.com/dosco/super-graph 
-cd ./super-graph
-make install
-
+get get https://github.com/dosco/super-graph 
 super-graph new <app_name>
 ```
 

config/dev.yml

@@ -116,18 +116,18 @@ database:
   # database ping timeout is used for db health checking
   ping_timeout: 1m
 
-  # Define additional variables here to be used with filters
-  variables:
-    admin_account_id: "5"
+# Define additional variables here to be used with filters
+variables:
+  admin_account_id: "5"
 
-  # Field and table names that you wish to block
-  blocklist:
-    - ar_internal_metadata
-    - schema_migrations
-    - secret
-    - password
-    - encrypted
-    - token
+# Field and table names that you wish to block
+blocklist:
+  - ar_internal_metadata
+  - schema_migrations
+  - secret
+  - password
+  - encrypted
+  - token
 
 tables:
   - name: customers

core/init.go

@@ -71,7 +71,7 @@ func (sg *SuperGraph) initConfig() error {
 	}
 
 	// Roles: validate and sanitize
-	c.RolesQuery = sanitize(c.RolesQuery)
+	c.RolesQuery = sanitizeVars(c.RolesQuery)
 
 	if len(c.RolesQuery) == 0 {
 		sg.log.Printf("WRN roles_query not defined: attribute based access control disabled")

examples/rails-app/demo.yml

@@ -3,6 +3,11 @@ services:
   db:
     image: postgres
     tmpfs: /var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    ports:
+      - "5432:5432"
       
   rails_app:
     image: dosco/super-graph-demo:latest