🚀 Release Notes

New Features

• #799 WPGraphQL sets core Post Types and Taxonomies to show_in_graphql during init instead of init_graphql_request now. This allows for get_post_types( [ 'show_in_graphql' => true ]) to work even outside the context of a GraphQL request. This is especially helpful for tools that want to know what Post Types and Taxonomies are set to show_in_graphql.

Bug Fixes

• #806 resolved. Querying "nodes" on menuItems was introduced as a regression during the v0.3.0 release. Thanks, @JosephCarrington for reporting and working through to confirm it's resolution.
• #797 resolved. The TypeRegistry was throwing some PHP warnings if TypeRegistry::get_type() was used for a not-yet registered Type.
• #803 Fixes a bug introduced by #799 🤦‍♂️. Thanks @benallfree for working through this with me to get it resolved.

This fixes a critical bug that was introduced by v0.3.0

There was a filter intended only to affect WP_Query calls within the GraphQL context, but it wasn't scoped properly and was affecting WP_Query calls outside of GraphQL requests, causing some funkiness in folks Dashboards.

It is recommended to update from v0.3.0 to v0.3.01 as soon as possible.

🚀 Release Notes

💥 BREAKING CHANGES & 📖 UPGRADE GUIDE

These features required re-architecting quite a bit of the internals of the plugin. Some classes, functions and filters no longer exist, so if you had a codebase that extended WPGraphQL in any way, we recommend reading the upgrade guide.

🗒 Release Summary

This release had 2 primary focuses: Model Layer and DataLoader (Deferred Resolvers). These 2 features are critical to the performance and security of WPGraphQL. Below are some highlights of these features, but you can read more about them here as well.

There are also other new features and bugfixes listed below.

⚡️DataLoader

The role of DataLoader is to efficiently load data. It makes use of Deferred resolution of fields, allowing for the fetching of data to happen in batches. You can read more about it here and here:

🔐 Model Layer

The primary role of the Model Layer is to centralize access checks for objects. Some examples: a "draft" post should only be accessible to authenticated users with proper capabilities to edit posts. User email addresses should only be exposed to authenticated users with the "list_users" capability. Themes and plugins should only be accessible to authenticated users with proper capabilities as well.

Prior to this release, WPGraphQL helped expose various Types of data, but left the responsibility of controlling "Access" to the site owner by filtering field resolvers and handling Auth checks themselves.

This release puts much more responsibility on the core WPGraphQL plugin where it has a much more restrictive by default approach to exposing data. Data that a vanilla WordPress install doesn't publicly exposed is no longer publicly exposed by WPGraphQL.

Each field can be modified by filters, so if the restrictions WPGraphQL imposes are too restrictive, site owners can still adjust the restrictions to allow access to whatever they want users to have access to.

You can read a bit more about this here and here

💥 Breaking Changes

As mentioned above, there are many breaking changes, specifically to how internal data is resolved. Below we've listed some high level breaking changes to look out for, but we recommend reading the upgrade guide for more information.

• Connection Resolvers have been completely revamped. If you've written your own ConnectionResolvers by extending any of the Connection classes, you will need to refactor your connection. The ConnectionResolvers were previously classes with static functions. They are no longer static, and maintain state of the connection. This allows for the connections to have proper context to pass through to pageInfo and the like. You can read about registering new connections here: https://docs.wpgraphql.com/extending/connections
• "roles" on users is now a Connection instead of a listOf strings. (ex: {user { id, roles { nodes { id, name } } } })
• CommentMutation input changed the field postId to commentOn. The field is the ID of the Post Object that the comment should be connected to, but can be an ID of any Post Type.

Security Audit

We had a formal security audit performed on the plugin by Simone Quatrini of Pen Test Partners. Fortunately, most of the issues reported by the audit were already being resolved by the Model Layer we had in progress at the time we received the report. Some additional issues were brought to our attention that were not on our radar and were addressed in this release. We recommend updating to this latest version to benefit from all the new features as well as the security fixes. In a week or two, we will publish more information about the security audit, but want to give folks the chance to update the plugin to the latest version before disclosing the issues that were reported.

✨ New Features

Some of these new features were also mentioned above in Breaking Changes.

• Updated Docker config for Travis CI tests to run in PHP 7.3. Thanks @mngi-arogers!
• New CursorBuilder class to provide more stability to cursor based pagination. Really great work here, @epeli!
• Travis CI is now running PHP Code Sniffer checks on the codebase. Currently set to allow fail, but sets us up to get closer to fully adopting WordPress Core Code Standards. Although, they may be changing soon too. Thanks @renatonascalves for hooking up Travis to run the sniffs!
• DataLoader / Deferred Resolvers: This release implements Deferred resolution throughout the entire codebase and provides a way for other datasources to take advantage of the same advantages. You can read more about Deferred resolution here: https://docs.wpgraphql.com/guides/deferred-resolvers/
• Loaders added to AppContext: DataLoader classes are now registered within AppContext and passed down to all Resolvers to make use of already cached data and centralized fetching (instead of relying on Globals). As part of this we got things hooked things up to allow for additional third party loaders to be added to AppContext via filter. Thanks for your work on this, @kidunot89!
• Revamped Connection Resolvers: Along with DataLoader, we revamped resolvers for Connections, making it much easier to create custom connection resolvers. You can read about registering connections here: https://docs.wpgraphql.com/extending/connections
• Model Layer: You can read more about the Model Layer here: https://docs.wpgraphql.com/guides/model-layer. Thanks for all your work on this feature, @CodeProKid!
• Revisions Support: You can now query revisions of Posts (or post_types).
• DataSource methods expect different arguments now. You must pass $context from resolvers to the DataSource methods now, to take advantage of Deferred resolution.
• Resolvers now receive instances of a Model instead of instances of \WP_Post or \WP_User, etc. If you were registering fields to PostObject Types, or Term Types or User Types, or almost anything, if the object being passed as the first argument of the resolver was a core \WP_* class instance, it will now be a WPGraphQL Model instance. . .for example: \WP_Post is now \WPGraphQL\Model\Post being passed in.

🐛 Bugfixes

• Adjustments to Cursor ordering / filters to support order by meta (or other values). Thanks @epeli!
• All sorts of access control data leaks. The Model Layer now restricts data that should be restricted and exposes it only to those with proper capabilities to view it. Thanks again to Simone for working with us on the Security Audit and providing us with a detailed report, and verifying that the issues had been properly resolved in this release!

🚀 Release Notes

Breaking Changes

• none

New Features

• #676: New TimezoneEnum type added to the Schema
• #719: New graphql_menu_item_connection_args and graphql_menu_item_connection_query_args filters added to the MenuItemConnectionResolver. Thanks @epeli!

Bug Fixes

• #714 Fixes global $post not properly being setup before resolving fields for posts. Thanks @epeli!
• #716: Adjusts how the MenuLocationEnum values are determined to include all locations, not just locations with a menu already assigned.

🚀 Release Notes:

Bug Fixes

• fixes bug with batch queries introduced in v0.2.1
• fixes a bug with the graphql_request_data filter causing issues in GET requests. Thanks @epeli!
• fixes a bug with root queries for individual post objects of custom post type. Thanks @mwidmann!

New Features

• add .gitattributes definitions to exlude files for output to packagist. Thanks @mikelking!
• add support for categoryNotIn and tagNotIn in PostObjectConnection queries. Thanks @craigmcnamara!
• adds Access-Control-Max-Age to the response headers to cache preflight options requests. Thanks @chriszarate!
• adds new argument to the sourceUrl on the MediaItem Type to allow for a specific size to be selected. Thanks @hsimah!

Updates

• updates to Docker environment for running automated tests. Thanks @mngi-arogers!
• updates to connection registry to make config methods public. Thanks @hsimah!
• adds test for children terms. Thanks @iimez!

🚀 RELEASE: v0.2.1

Release Notes:

• Update GraphQL-PHP from v0.11.2 to v0.12.6
• Update composer.json, composer.lock and other composer files to reflect changes

Bugfix

• fix php warnings being thrown by after_execute_actions in the Request.php class

🚀 RELEASE: v0.2.0

Breaking Changes

• the filter graphql_request_results can return data in a different shape than previously returned. If making use of this filter, verify it's working as expected or make appropriate changes for your use case.
  • WPGraphQL Insights (https://github.com/wp-graphql/wp-graphql-insights) uses this filter, so if you have this plugin active, be sure to update it to v0.3.0 needs to work properly with WPGraphQL v0.2.0+
• the do_graphql_request action now executes after the Schema has been built. In early days this hook was used sometimes to hook in and extend the Schema. If you have anything hooked here that modifies the Schema in some way, try hooking into graphql_get_schema instead.

New Features

• A new Request class has been introduced, simplifying and consolidating the entry points for execution of GraphQL requests. Thanks @chriszarate!
• A new graphql() function has been added as an entry point to the Request class. Ex: $resposne = graphql([ .'query' => '{posts{edges{node{id,title}}}}' ]);
• update menu items order to post__in instead of menu_order
• Update Type definitions for post_by_args. Thanks @hsimah!
  • ID was incorrectly expecting String instead of ID
  • postId was incorrectly expecting ID instead of Int
• Pass currentConnection and connectionArgs down through context to nested fields of a connection. See notes on usage here: https://github.com/wp-graphql/wp-graphql/pull/637

Release Notes

Enhancements & Bug Fixes

• #619 adds better Exceptions in TypeRegistry functions so that if Types / Fields aren't registered properly, the developer should have better insight into what they've done wrong
• #569 removes APIGen docs from the Travis-CI integration which was causing the build to appear as if it were failing when it wasn't actually failing. - thanks @CodeProKid!
• #576 Adds tests to ensure post excerpts are properly being output for the post being resolved. - thanks @CodeProKid!
• Typos corrected in some field descriptions. - Thanks @MoOx!
• Moves graphql_register_types hook later in TypeRegistry::init() to make sure all core Types (including Connections, Unions and Mutations) have all been registered and are available when extending the Schema.

Release Notes

New Features

• added resetUserPassword mutation – thanks @kellenmace
• added sendPasswordResetEmail mutation – thanks @kellenmace

Bug Fixes

• Update logo in README.md
• fixed #528 (generalSettings.startOfWeek throwing an error) – thanks @davidatwhiletrue
• fixes #578, restores the graphql_input_fields filter – thanks @chriszarate
• fixes #598, allows search results of Terms and Posts to include children (default was only objects with no parent).

Release Notes

• Update docker environment
• Fix bug with TermObject children missing for hierarchical Taxonomies

Release Notes

• Fixes critical bug in Type/Object/PostObject.php that was causing issues with media items
• Updates Docker configs to make it easier and faster to run tests in the Docker environment between changes

Release Notes

New Registration API

Similar to WordPress core register_* APIs, such as register_post_type, register_taxonomy, register_meta, etc, WPGraphQL now has it's own register_graphql_* API.

The following regiser_graphql_* functions are introduced with this release:

register_graphql_type
register_graphql_object_type
register_graphql_input_type
register_graphql_enum_type
register_graphql_union_type
register_graphql_field
register_graphql_fields
register_graphql_schema
register_graphql_connection
register_graphql_mutation
deregister_graphql_field

Docs to come, but for the time being, check the source code to see how things work. Specifically TypeRegistry.php. All Types have been refactored to be registered with these new functions.

BREAKING:

Deprecated hooks & filters

Some filters and hooks have been removed, intentionally, because they were redundant.

• graphql_root_queries: this filter has been removed. The RootQuery type is an ObjectType and already inherits the filters established in WPObjectType, so to add fields to the RootQuery, one could use the graphql_RootQuery_fields filter, or could (recommended) use the new register_graphql_field or register_graphql_fields functions to add fields to the root.
• graphql_post_object_mutation_input_fields: this filter has been removed. The input fields are simply fields of an InputObjectType, which inherit the filters established in WPObjectType, so to add fields, one can use the filters graphql_UpdatePostInput_fields or graphql_CreatePostInput_fields, or (recommended) use the new register_graphql_field or register_graphql_fields functions to add fields to the inputs.
• graphql_comment_mutation_input_fields: See previous note
• graphql_term_object_mutation_input_fields See above
• graphql_setting_mutation_input_fields: See above

Changes to various Type names

• various type names have changed for consistency.
• All input types now include Input in their name.
• All Enum types now include Enum in their name
• All Union types now include Union in their name
• All connections are registered via the register_graphql_connection() function, and therefore all connection types and fields have consistent naming, where before the names were a bit random
  • Connection input args have consistent names now.
    • For example: RootCommentsCommentArgs is now RootQueryToCommentConnectionWhereArgs (see: https://github.com/wp-graphql/wp-graphql/compare/release/v0.1.0?expand=1#diff-00fe868538645d14c1c8af8d3a19bde6)
    • RootCategoriesTermArgs is now RootQueryToCategoryConnectionWhereArgs https://github.com/wp-graphql/wp-graphql/compare/release/v0.1.0?expand=1#diff-9d7db44df670461f784357a0a7e3c860L83

Moved files / namespaces

• Connection resolvers have all been moved under WPGraphQL\Data. If you extend any of the existing resolver classes, you should be able to just update your namespace, such as changing \WPGraphQL\Type\PostObject\Connection\PostObjectConnectionResolver to \WPGraphQL\Data\PostObjectConnectionResolver as seen here: https://github.com/wp-graphql/wp-graphql/compare/release/v0.1.0?expand=1#diff-4232742370ce60dbe32afbf8e87e3476L382

Release Notes

Issues Closed

• #495
• #496
• #501
• #504
• #507 - Thanks @camsjams!
• #505 - Thanks @ElisaMassafra!
• #462

Docker Revamp (#462)

We were having issues with our Code Coverage reports since switching our testing to a Docker environment.

This release introduces a new Docker setup that effectively runs tests with coverage and utilizes CodeCov for coverage reports. Thanks @mngi-arogers for work on this!

Release Notes:

registerUser mutation

We now have a root registerUser mutation that allows for public users to register as a user on the site. Thanks for working on this @kellenmace!

Example usage:

mutation RegisterUser {
  registerUser(input: {
    clientMutationId: "registerUser"
    username: "newUser"
    password: "password"
    email: "[email protected]"
    firstName: "New"
    lastName: "User"
  }) {
    clientMutationId
    user {
      id
      userId
      username
      email
      firstName
      lastName
    }
  }
}

Bug fix

• Change when register_initial_settings is called

Release Notes

Bug Fixes

• introduces a new context-less hook do_action( 'init_graphql_request' ) which fires when a GraphQL request has begun. The use of do_graphql_request to trigger some actions in certain contexts was causing errors.

Tests

• adjusts PostObjectConnectionQueriesTest.php to generate much less data for Post Connection tests, speeding up the tests quite a bit. Thanks @chriszarate!

Composer Updates

Running composer validate presented some suggestions to adjust. This PR adjusts them.

• Remove version from composer.json
• Update Licence in composer.json
• Update composer.lock

Release Notes:

• Adjust the hooks for where register_initial_settings and setup_types occur to make sure core post_types are fully setup before building the Schema.
• Adjust the wp graphql generate-static-schema cli command to define the request as a GRAPHQL_REQUEST and run actions do_graphql_request and graphql_get_schema
• have the DataSource::resolve_post_object() method run setup_postdata() to make sure the Post is passing proper context down to it's resolvable fields.

Release Notes

User Role Queries

• You can now query for user role info using GraphQL!
• The following rootQueries now exist: userRole and userRoles
• example:

query GetUserRoles {
  userRoles {
    edges {
       node {
           name
           id
        }
     }
  }
}

Comment Mutations

• You can now mutate comments!
• The following root mutations are now available: createComment, deleteComment, updateComment, restoreComment

Menu Queries

• You can now query for menus (and menuItems)!
• The following root queries exist now: menu, menus, menuItem, menuItems
• example:

query GetMenuItems {
  menuItems {
    edges { 
       node {
          menuItemId
          connectedObject {
             ... on Post {
                title
                postId
             }
             ... on Category {
                name
                categoryId
             }
          }
       }
    }
  }
}

New Docker Environment!

• You can now easily launch a Docker environment for developing with/for WPGraphQL. At the root of the plugin is a docker-compose.dev.yml file with further instructions outlined on usage.

Misc changes / bug fixes

• update .gitignore to ignore .vscode files and phpunit.xml
• update bin/install-wp-tests.sh to allow for overriding the $DB_USERwhen setting up tests
• fixed a bug with $request variables not working right in one of the hooks
• fixed a bug with apply_filters( 'the_title' ) being applied incorrectly
• WPUnionType introduced (in favor of GraphQL/UnionType)
• fixed bug with sourceUrl not properly being returned when querying for sizes on a mediaItem
• made graphql_init a pluggable function allowing for it to be initialized externally once only for themes/plugins that include it in their codebase

BREAKING CHANGES:

• removed filter graphql_type_config in favor of graphql_wp_object_type_config
• removed filter graphql_comment_author_union_possible_types in favor of the centralized filter graphql_wp_union_type_config in the new WPUnionType
• removed filter graphql_post_object_union_possible_types in favor of the centralized filter graphql_wp_union_type_config in the new WPUnionType
• removed filter graphql_term_object_union_possible_types in favor of the centralized filter graphql_wp_union_type_config in the new WPUnionType

Thanks for contributing to this release @chriszarate @CodeProKid @ElisaMassafra @timhanlon @natewoodbridge @jmlallier @kidunot89!

Release Notes

Bug Fixes

• fixes bug with setting a parent using the parentId input during PostObject mutations
• fixes a bug with not properly returning errors in JSON when exceptions outside the Router.php execution occur

Release Notes:

• Updates to the main README to make it easier to find some resources about plugin usage
• Introduce graphql_access_control_allow_headers filter
• Adjust some sanitization re: GET request handling
• Fixes a bug with undefined variables for GET requests
• Adds stati arg to PostObjectConnectionArgs
• Fixes bug re: ordering by in, notIn and parentIn

Release Notes

Docker Environment for local dev & testing

• @chriszarate did some awesome work getting the plugin working with Docker. You can read about how to use Docker for local development in the Readme, and the tests run in the Docker environment on Travis as well. Thanks @chriszarate!!
• We've got functional and acceptance test support now!! so now we can test using actual remote requests, imitating how Apollo would send a request, for example! Great stuff.

Pagination Tweaks

• Also the work of @chriszarate. Some funkiness with cursor pagination was addressed. Fwiw, there's likely more funkiness with pagination to be addressed, so if you're reading this, try and paginate various data sets and if it's not working as expected, hop in and contribute to make it better! 😉

Fix PostObjectType resolvers

• #402 addresses an issue with the "taxonomies" field on PostObjectType

Adjust QueryArgs for connections

• #418 adds more context to the ConnectionArgs classes and passes the Type $config to filters, so extensions (such as WPGraphQL Meta Query & WPGraphQL Tax Query) can hook in more precisely and take advantage of specific Type config. This opens the door a bit more for more granular filtering in general.

Misc Updates

• updated license tag in composer.json
• adjusted some hook and filter arguments to continue to play nice with WPGraphQL Insights