
Gitlab::Graphql::Authorize::ConnectionFilterExtension resolves ActiveRecord::Relation value incorrectly for list type fields

Summary

Gitlab::Graphql::Authorize::ConnectionFilterExtension#after_resolve:54 works incorrectly

Steps to reproduce

Let's assume that we have a type that exposes a field with non-null items:

module Types
  class SomeType < BaseObject
    field :some_field, [Types::IssueType], null: true, description: 'Issues.'

    def some_field
      Issue.all # returns ActiveRecord::Relation
    end
  end
end

module Types
  class IssueType
    authorize :read_issue

    # Other code...
  end
end

module Types
  class QueryType
    field :some_type, Types::SomeType, null: true, description: '...'
  end
end

And we make a GraphQL request:

query {
  someType {
    someField
  }
}

What is the current bug behavior?

If the user does not have the :read_issue permission, an error occurs: Cannot return null for non-nullable field SomeType.someField

What is the expected correct behavior?

The error should not have occurred; an empty array is expected.

Possible fixes

https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/graphql/authorize/connection_filter_extension.rb#L54

Edited by Zakir Dzhamaliddinov
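
An added illustration (not part of the original issue and not GitLab's code) of one way a list-field authorization filter can handle a plain Array correctly yet let a relation through unfiltered, next to a shape that yields the empty array the report expects. FakeRelation, Issue, can_read?, hidden_issues and both filter methods are hypothetical stand-ins, and the in-place mutation is an assumed failure mode, not a statement about what line 54 does.

```ruby
# Added illustration; every name here is a hypothetical stand-in.
Issue = Struct.new(:id, :readable)

# Mimics the ActiveRecord::Relation property that matters here: it is not an
# Array, and #to_a hands back a fresh Array on every call.
class FakeRelation
  include Enumerable

  def initialize(records)
    @records = records
  end

  def each(&block)
    @records.each(&block)
  end

  def to_a
    @records.dup
  end
end

# Stand-in for the :read_issue permission check.
def can_read?(issue)
  issue.readable
end

# Assumed failure mode: redaction mutates whatever #to_a returns and then the
# original value is handed back. Array#to_a returns self, so an Array is
# filtered; a relation's copy is filtered and discarded.
def filter_in_place(value)
  value.to_a.keep_if { |issue| can_read?(issue) }
  value
end

# Safer shape: return the redacted collection itself, so a caller with no
# permission gets [] regardless of the input's class.
def filter_and_return(value)
  return value if value.nil?

  value.to_a.select { |issue| can_read?(issue) }
end

# Constructed sample data: two issues the current user cannot read.
def hidden_issues
  [Issue.new(1, false), Issue.new(2, false)]
end
```

A regression spec for this kind of filter should exercise both an Array and a relation-backed resolver with a user who lacks the permission, since only the second exposes the difference.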