Graphql-engine: 1.3.4-beta.1 select relations results in "database query error"

Created on 25 Nov 2020  路  6Comments  路  Source: hasura/graphql-engine

This results in an error:

mutation {
  update_smth_by_pk(pk_columns: { id: 1 }, _set: ...) {
    id
    rel {
      id
    }
  }
}

Update: the errors appears only for update_by_pk mutations,
update(where..) { returning { ... } } works

supporneeds-more-info
Source
picture webdeb

Most helpful comment

Found the issue! This was caused by an error in the way we construct our internal representation of "by pk" mutations (the error was also present in delete_by_pk). For the issue to arise, however, two conditions needed to be met:

  • a relation is present in the mutation output
  • the user does not have select permissions on all columns of the modified table

I've opened a PR on our internal repo that fixes this bug, it'll be included in 1.3.4.

picture nicuveo on 30 Nov 2020
👍3

All 6 comments

@webdeb I am not able to reproduce this with a simple example.

Could you share the sample table definitions (for the 2 tables involved in your example) ? Are you executing this as a role? Can you also share Hasura metadata like relationship definitions and permissions?

tirumaraiselvan picture tirumaraiselvan on 26 Nov 2020

@tirumaraiselvan I'm seeing the same error suddenly after upgrading to the latest version. My query is like this:

mutation UpdateOrder {
  update_orders_by_pk(pk_columns: {id: "..."}, _set: {assigned_to_id: "..."}) {
    id
    customer {
      id
      orders_aggregate(where: { status: {_neq: CANCELED}}) {
        aggregate {
          count
        }
      }
    }
  }
}

Looks like what makes it crash is the status: {_neq: CANCELED} piece.
If I use status: {_nin: [CANCELED]} instead it works without issues.

The error message is database query error but there's more info in a nested error:

{
   "exec_status": "FatalError",
   "hint": null,
   "message": "could not determine data type of parameter $1",
   "status_code": "42P18",
   "description": null
}
frandiox picture frandiox on 26 Nov 2020

@tirumaraiselvan I've just setup a demo on heroku to demonstrate the bug:

URL
http://hasura-issue-6255.herokuapp.com/v1/graphql

HEADERS
x-hasura-user-id = 1
x-hasura-role = user

QUERIES

mutation works_when_not_by_pk {
  update_post(where: {id: {_eq: 2}}, _set: {content: "Hello"}) {
    returning {
      id
      title
      content
      image {
        url
      }
    }
  }
}

mutation by_pk_works_without_relation {
  update_post_by_pk(pk_columns: {id: 2}, _set: {content: "Hello"}) {
    id
    title
    content
  }
}

mutation by_pk_with_rel_does_not_work {
  update_post_by_pk(pk_columns: {id: 2}, _set: {content: "Hello"}) {
    id
    title
    content
    image {
      url
    }
  }
}
webdeb picture webdeb on 28 Nov 2020

Tiru, you'll also find the metadata and migrations here:
https://github.com/webdeb/graphql-engine-heroku/tree/bug-6255

webdeb picture webdeb on 28 Nov 2020

Found the issue! This was caused by an error in the way we construct our internal representation of "by pk" mutations (the error was also present in delete_by_pk). For the issue to arise, however, two conditions needed to be met:

  • a relation is present in the mutation output
  • the user does not have select permissions on all columns of the modified table

I've opened a PR on our internal repo that fixes this bug, it'll be included in 1.3.4.

nicuveo picture nicuveo on 30 Nov 2020
👍3

@nicuveo great job!

webdeb picture webdeb on 2 Dec 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

codepunkt picture codepunkt  路  3Comments
lishine picture lishine  路  3Comments
marionschleifer picture marionschleifer  路  3Comments
egislook picture egislook  路  3Comments
Fortidude picture Fortidude  路  3Comments