
Getting Access forbidden message when trying to use filter on graphql queries

Discussed in https://github.com/Azure/data-api-builder/discussions/1423

<div type='discussions-op-text'>

Originally posted by sumchans April 7, 2023

I have been trying out the Data API builder for Azure Cosmos DB and so far was successfully able to pull data from Azure Cosmos DB. The issue I am having now is that when I use filter on the queries I get “Access forbidden to a field referenced in the filter.” I believe this has something to do with configuring the permissions in the dab-config.json, but I am not able to get a head start so far on this.

Here is my query -

query filteritems {
    items(filter: { userPhoneNumber: { contains: "4160000000" } }) {
        items {
            partitionKey
            userPhoneNumber
            userDisplayName
        }
    }
}

Here is the result -

{
  "errors": [
    {
      "message": "Access forbidden to a field referenced in the filter.",
      "extensions": {
        "code": "AuthorizationCheckFailed"
      }
    }
  ]
}

Also attaching my dab-config json file -

{
  "$schema": "https://github.com/Azure/data-api-builder/releases/download/v0.6.13/dab.draft.schema.json",
  "data-source": {
    "database-type": "cosmosdb_nosql",
    "options": {
      "database": "Database",
      "schema": "schema.gql"
    },
    "connection-string": "connection-string;"
  },
  "runtime": {
    "graphql": {
      "allow-introspection": true,
      "enabled": true,
      "path": "/graphql"
    },
    "host": {
      "mode": "development",
      "cors": {
        "origins": [],
        "allow-credentials": false
      },
      "authentication": {
        "provider": "StaticWebApps"
      }
    }
  },
  "entities": {
    "Item": {
      "source": "Items",
      "graphql": true,
      "permissions": [
        {
          "role": "anonymous",
          "actions": [
            "*"
          ],
          "fields": {
            "include": [
              "*"
            ]
          }
        }
      ]
    }
  }
}
</div>

I have tried changing the configuration and types of permissions, but it looks like something is broken between the current build (0.6.13) and the previous (0.35.5).

The stack trace shows:

[dataApi] info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
[dataApi]       Request starting HTTP/1.1 POST http://localhost:4280/graphql application/json 247
[dataApi] info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
[dataApi]       Executing endpoint 'Hot Chocolate GraphQL Pipeline'
[dataApi] fail: Azure.DataApiBuilder.Service.Startup[0]
[dataApi]       Access forbidden to a field referenced in the filter.
[dataApi] fail: Azure.DataApiBuilder.Service.Startup[0]
[dataApi]          at Azure.DataApiBuilder.Service.Models.GQLFilterParser.Parse(IMiddlewareContext ctx, IInputField filterArgumentSchema, List`1 fields, BaseQueryStructure queryStructure) in /_/src/Service/Models/GraphQLFilterParsers.cs:line 159   
[dataApi]          at Azure.DataApiBuilder.Service.Resolvers.CosmosQueryStructure.Init(IDictionary`2 queryParams) in /_/src/Service/Resolvers/CosmosQueryStructure.cs:line 160
[dataApi]          at Azure.DataApiBuilder.Service.Resolvers.CosmosQueryEngine.ExecuteAsync(IMiddlewareContext context, IDictionary`2 parameters) in /_/src/Service/Resolvers/CosmosQueryEngine.cs:line 64
[dataApi]          at Azure.DataApiBuilder.Service.Services.ResolverMiddleware.InvokeAsync(IMiddlewareContext context) in /_/src/Service/Services/ResolverMiddleware.cs:line 95
[dataApi]          at HotChocolate.Utilities.MiddlewareCompiler`1.ExpressionHelper.AwaitTaskHelper(Task task)
[dataApi]          at HotChocolate.Execution.Processing.Tasks.ResolverTask.ExecuteResolverPipelineAsync(CancellationToken cancellationToken)
[dataApi]          at HotChocolate.Execution.Processing.Tasks.ResolverTask.TryExecuteAsync(CancellationToken cancellationToken)
[dataApi] info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
[dataApi]       Executed endpoint 'Hot Chocolate GraphQL Pipeline'
[dataApi] info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
[dataApi]       Request finished HTTP/1.1 POST http://localhost:4280/graphql application/json 247 - 500 - application/json;+charset=utf-8 864.3125ms

The code is not picking up any of the permissions (not explicit, not * and not if left empty), always returning false from this line:

https://github.com/Azure/data-api-builder/blob/893f5039432087ab382deef81ff83bf4380df393/src/Service/Models/GraphQLFilterParsers.cs#L151

If I revert to the previous version, the exact same definition works fine.
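
As an added example (not code from the issue or from Data API builder), the sketch below models the check behind the error: every field named in a filter must be readable by the caller's role. It assumes include/exclude rules with `*` as a wildcard and exclude taking precedence, accepts the permission-level `fields` key used in the posted config, and adds a hypothetical `reader` role to show a denial.

```python
import json

# Constructed sample: the "entities" section of the posted dab-config.json,
# plus a hypothetical "reader" role that hides one field.
CONFIG = json.loads("""
{"entities": {"Item": {"source": "Items", "permissions": [
  {"role": "anonymous", "actions": ["*"], "fields": {"include": ["*"]}},
  {"role": "reader", "actions": [
    {"action": "read", "fields": {"include": ["*"], "exclude": ["userPhoneNumber"]}}]}
]}}}
""")

LOGICAL = {"and", "or"}  # filter keys that nest further filters

def filter_fields(flt):
    """Collect every field name a GraphQL filter input refers to."""
    found = set()
    for key, value in flt.items():
        if key in LOGICAL:
            for sub in value:
                found |= filter_fields(sub)
        else:
            found.add(key)
    return found

def field_rules(config, entity, role, action):
    """Return the fields rule for role/action, or None if the action is not granted."""
    for perm in config["entities"][entity]["permissions"]:
        if perm["role"] != role:
            continue
        for act in perm["actions"]:
            name = act if isinstance(act, str) else act["action"]
            if name in ("*", action):
                rule = act.get("fields") if isinstance(act, dict) else None
                # Assumption: fall back to a permission-level "fields" key,
                # the shape used in the posted config; no rule means all fields.
                return rule or perm.get("fields") or {"include": ["*"]}
    return None

def forbidden_filter_fields(config, entity, role, flt, action="read"):
    """Fields in the filter that the role may not read (sorted)."""
    fields = filter_fields(flt)
    rule = field_rules(config, entity, role, action)
    if rule is None:  # role has no grant for this action: deny every field
        return sorted(fields)
    include, exclude = rule.get("include", ["*"]), rule.get("exclude", [])
    def ok(f):  # assumption: exclude wins over include, "*" matches any field
        return f not in exclude and "*" not in exclude and ("*" in include or f in include)
    return sorted(f for f in fields if not ok(f))
```

An empty list means the filter references only readable fields; any name returned is a field the filter would otherwise let the caller probe without being allowed to read it.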

Issue Analytics

  • State: closed
  • Created 5 months ago
  • Reactions: 3
  • Comments: 14 (9 by maintainers)

Top GitHub Comments

2 reactions
dgcaron commented, Jun 12, 2023

this looks fine to me, with my current configuration

2 reactions
Aniruddh25 commented, May 15, 2023

Thanks @dgcaron and @ksdaniel for reporting the issue! Really appreciate it.

0.7.5 is now marked as our pre-release version for the upcoming new features. SWA CLI/Azure SWA database connections feature should still continue to work. They will not be updated unless we have the next stable dab version.
