[skip ci] re-enable permission check guard

Auke Booij · Auke Booij · commit c4c6334e979b · 2020-05-20T16:14:01.000+02:00
diff --git a/server/src-lib/Hasura/GraphQL/Schema.hs b/server/src-lib/Hasura/GraphQL/Schema.hs
@@ -35,7 +35,7 @@ buildGQLContext allTables =
     buildContextForRole roleName
   where
     allRoles :: HashSet RoleName
-    allRoles = allTables ^.. folded.tiRolePermInfoMap.to M.keys.folded
+    allRoles = S.insert adminRole $ allTables ^.. folded.tiRolePermInfoMap.to M.keys.folded
 
     buildContextForRole roleName = do
       SQLGenCtx{ stringifyNum } <- askSQLGenCtx
diff --git a/server/src-lib/Hasura/GraphQL/Schema/Select.hs b/server/src-lib/Hasura/GraphQL/Schema/Select.hs
@@ -392,16 +392,7 @@ fieldSelection
 fieldSelection fieldInfo selectPermissions stringifyNum = do
   case fieldInfo of
     FIColumn columnInfo -> maybeToList <$> runMaybeT do
-      -- TODO FIXME TODO FIXME
-      -- TODO FIXME TODO FIXME
-      -- TODO FIXME TODO FIXME
-      -- TODO FIXME TODO FIXME
-      -- TODO FIXME TODO FIXME
-
-      -- This guard should be enabled, but disabling it allows us to run some
-      -- queries until we fix permissions.
-
-      -- guard $ Set.member (pgiColumn columnInfo) (spiCols selectPermissions)
+      guard $ Set.member (pgiColumn columnInfo) (spiCols selectPermissions)
       let fieldName = pgiName columnInfo
           pathArg = jsonPathArg $ pgiType columnInfo
       field <- lift $ P.column (pgiType columnInfo) (G.Nullability $ pgiIsNullable columnInfo)
diff --git a/server/src-lib/Hasura/GraphQL/Schema/Table.hs b/server/src-lib/Hasura/GraphQL/Schema/Table.hs
@@ -26,7 +26,7 @@ import           Hasura.GraphQL.Parser.Class
 import           Hasura.GraphQL.Parser.Column  (qualifiedObjectToName)
 import           Hasura.RQL.Types
 import           Hasura.SQL.Types
-
+import           Hasura.RQL.DML.Internal
 
 -- | Table select columns enum
 --
@@ -93,8 +93,10 @@ tablePermissions
   -> m (Maybe RolePermInfo)
 tablePermissions table = do
   roleName  <- askRoleName
-  tableInfo <- _tiRolePermInfoMap <$> askTableInfo table
-  pure $ Map.lookup roleName tableInfo
+  tableInfo <- askTableInfo table
+  pure $ if roleName == adminRole
+    then Just $ mkAdminRolePermInfo $ _tiCoreInfo tableInfo
+    else Map.lookup roleName $ _tiRolePermInfoMap tableInfo
 
 tableSelectPermissions
   :: forall m n. (MonadSchema n m)
