lib/graphql/schema/member/instrumentation.rb in graphql-1.8.3 vs lib/graphql/schema/member/instrumentation.rb in graphql-1.8.4

@@ -25,11 +25,11 @@
           else
             root_type = query.irep_selection.return_type
             # If it has a wrapper, apply it
             wrapper_class = root_type.metadata[:type_class]
             if wrapper_class
-              new_root_value = wrapper_class.new(query.root_value, query.context)
+              new_root_value = wrapper_class.authorized_new(query.root_value, query.context)
               query.root_value = new_root_value
             end
           end
         end
 
@@ -70,42 +70,40 @@
             @list_depth = list_depth
           end
 
           def call(obj, args, ctx)
             result = @inner_resolve.call(obj, args, ctx)
-            if ctx.schema.lazy?(result)
-              # Wrap it later
+            if ctx.skip == result || ctx.schema.lazy?(result) || result.nil? || result.is_a?(GraphQL::ExecutionError) || ctx.wrapped_object
               result
-            elsif ctx.skip == result
-              result
             else
-              proxy_to_depth(result, @list_depth, @inner_return_type, ctx)
+              ctx.wrapped_object = true
+              proxy_to_depth(result, @list_depth, ctx)
             end
+          rescue GraphQL::UnauthorizedError => err
+            ctx.schema.unauthorized_object(err)
           end
 
           private
 
-          def proxy_to_depth(obj, depth, type, ctx)
-            if obj.nil?
-              obj
-            elsif depth > 0
-              obj.map { |inner_obj| proxy_to_depth(inner_obj, depth - 1, type, ctx) }
+          def proxy_to_depth(inner_obj, depth, ctx)
+            if depth > 0
+              inner_obj.map { |i| proxy_to_depth(i, depth - 1, ctx) }
             else
-              concrete_type = case type
+              concrete_type = case @inner_return_type
               when GraphQL::UnionType, GraphQL::InterfaceType
-                ctx.query.resolve_type(type, obj)
+                ctx.query.resolve_type(@inner_return_type, inner_obj)
               when GraphQL::ObjectType
-                type
+                @inner_return_type
               else
-                raise "unexpected proxying type #{type} for #{obj} at #{ctx.owner_type}.#{ctx.field.name}"
+                raise "unexpected proxying type #{@inner_return_type} for #{inner_obj} at #{ctx.owner_type}.#{ctx.field.name}"
               end
 
               if concrete_type && (object_class = concrete_type.metadata[:type_class])
                 # use the query-level context here, since it won't be field-specific anyways
                 query_ctx = ctx.query.context
-                object_class.new(obj, query_ctx)
+                object_class.authorized_new(inner_obj, query_ctx)
               else
-                obj
+                inner_obj
               end
             end
           end
         end
       end