In our codebase we have this mutation:
update_post: PostType = DjangoUpdateMutation(
    PostInput,
    extensions=[HasRetvalPerm("post.change_post")],
)
where a Post can have a user (author):
@strawberry_django.type(Post)
class PostType(RandomPkInterface):
    name: strawberry.auto
    user: Optional[
        Annotated["UserType", strawberry.lazy("accounts.types")]
    ] = strawberry_django.field(
        extensions=[HasSourcePerm("post.view_post")]
    )
and the input class is:
@strawberry_django.input(Post, partial=True)
class PostInput:
    id: uuid.UUID
    description: Optional[str]
    owner: Optional[OneToOneInput]
Before updating to:
our versions were:
and running a query like this
mutation {
  updateMeasure(input: { id: "ID" }) {
    ... on PostType {
      id
      name
      user {
        id
      }
    }
  }
}
would work properly. However, after the update, we get a permission error:
Given perms must have same app label ("post" != "accounts")
The error is returned only if we include user in the fragment.
Is there something I'm missing?
Is this the correct way to add permissions to an update mutation or is it just a bug?