Skip to content

Create GraphQL service permission archtecture#838

Open
filiperochalopes wants to merge 8 commits intoOpenConceptLab:masterfrom
filiperochalopes:feature/graphql-permissions
Open

Create GraphQL service permission archtecture#838
filiperochalopes wants to merge 8 commits intoOpenConceptLab:masterfrom
filiperochalopes:feature/graphql-permissions

Conversation

@filiperochalopes
Copy link
Copy Markdown
Contributor

@filiperochalopes filiperochalopes commented Apr 6, 2026

Linked Issue

Closes OpenConceptLab/ocl_issues#2356

@filiperochalopes
fix(graphql): align search behavior with REST for HEAD versions
700cb8e 
* Adopt a permissive base QuerySet for textual GraphQL searches to rely on Elasticsearch's version filtering logic.

* Apply the same Elasticsearch filters as REST (source_version=HEAD and is_latest_version=True).

* Use strict 'id = versioned_object_id' filtering only when listing without search terms.

* Remove SQL fallback logic to ensure consistent ES-only behavior across REST and GraphQL search flows.
@filiperochalopes
chore: fix merge conflicts
08f2a45
@filiperochalopes
Merge branch 'master' of github.com:filiperochalopes/oclapi2
5684b94
@filiperochalopes
Merge branch 'master' of github.com:filiperochalopes/oclapi2
648799b
@filiperochalopes
Merge branch 'master' of github.com:filiperochalopes/oclapi2
5cdc2ea
@filiperochalopes
feat(core/graphql): enforce repo visibility on searches
33a108d 
* Add reusable GraphQL permission helpers, mixin, and decorator to gate repository access and reuse existing REST visibility filters.

* Update query helpers and tests to use the mixin, cache source-resolution lookups, and ensure ES and global searches respect visibility and repository permissions.
@filiperochalopes filiperochalopes self-assigned this Apr 6, 2026
@filiperochalopes
feat(search): share concept query helpers across APIs
fa0d5b5 
* Add shared concept search helpers (exact, wildcard, fuzzy criteria, mandatory word filters, and rescore) along with document visibility utilities so REST and GraphQL reuse the same logic.

* Update BaseAPIView and the GraphQL query pipeline to call the shared helpers, including the common visibility filter, so concept text search behavior and permissions remain aligned.

* Adjust GraphQL query helper tests to accommodate the new search flow and ensure the anonymous visibility filter continues to run.
@filiperochalopes
feat(graphql): add structured error responses
a290ba8 
* Add shared GraphQL error metadata and raise stable coded errors across permissions, queries, views, and schema logging
* Align global search and mapping helpers with REST visibility rules for consistent access control
* Guard Elasticsearch outages and invalid authentication paths to prevent unhandled failures
* Expand tests to cover structured error responses and failure scenarios
@filiperochalopes filiperochalopes marked this pull request as ready for review April 9, 2026 00:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@snyaggarwal snyaggarwal Awaiting requested review from snyaggarwal

At least 1 approving review is required to merge this pull request.

Assignees

@filiperochalopes filiperochalopes

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Defer GraphQL permission decorators until group authorization service is complete

1 participant

@filiperochalopes