Make authorizer work for nested relations (#355)

Currently authorizer works more-or-less only one level down.

For example, if you have following entities:

- TaskDTO
  - .subTasks (SubTaskDTO)
    - .subSubTasks (SubSubTaskDTO)
    
Then if you try to fetch tasks along with their sub-tasks and
sub-sub-tasks; the authorizer of `SubSubTaskDTO` isn't used, nor is the
`relation.auth` used which can be defined at `SubTaskDTO` level for the
`subSubTasks` relation.

This PR fixes it - so that authorizers defined in nested DTOs are also
called, if they exist.

P.S. **For now this PR makes the fix only for read relations**, but I
can easily do it for update/remove relations resolvers too. @TriPSs just
let me know if you're okay with the fix and be willing to merge this -
then I'll finish the PR so it works for the other resolvers as well.

Author: TriPSs

examples/auth/e2e/fixtures.ts

@@ -1,6 +1,7 @@
 import { DataSource } from 'typeorm'
 
 import { executeTruncate } from '../../helpers'
+import { SubSubTaskEntity } from '../src/sub-sub-task/sub-sub-task.entity'
 import { SubTaskEntity } from '../src/sub-task/sub-task.entity'
 import { TagEntity } from '../src/tag/tag.entity'
 import { TodoItemEntity } from '../src/todo-item/todo-item.entity'
@@ -15,6 +16,7 @@ export const refresh = async (dataSource: DataSource): Promise<void> => {
   const userRepo = dataSource.getRepository(UserEntity)
   const todoRepo = dataSource.getRepository(TodoItemEntity)
   const subTaskRepo = dataSource.getRepository(SubTaskEntity)
+  const subSubTaskRepo = dataSource.getRepository(SubSubTaskEntity)
   const tagsRepo = dataSource.getRepository(TagEntity)
 
   const users = await userRepo.save([
@@ -50,15 +52,24 @@ export const refresh = async (dataSource: DataSource): Promise<void> => {
     Promise.resolve([] as TodoItemEntity[])
   )
 
-  await subTaskRepo.save(
-    todoItems.reduce(
-      (subTasks, todo) => [
-        ...subTasks,
+  const subTasks: SubTaskEntity[] = await subTaskRepo.save(
+    todoItems.flatMap(
+      (todo) => [
         { completed: true, title: `${todo.title} - Sub Task 1`, todoItem: todo, ownerId: todo.ownerId },
         { completed: false, title: `${todo.title} - Sub Task 2`, todoItem: todo, ownerId: todo.ownerId },
         { completed: false, title: `${todo.title} - Sub Task 3`, todoItem: todo, ownerId: todo.ownerId }
       ],
-      [] as Partial<SubTaskEntity>[]
+      []
+    )
+  )
+
+  await subSubTaskRepo.save(
+    subTasks.flatMap(
+      (parent) => [
+        { subTask: parent, title: `${parent.title} - Sub Sub Task Public`, public: true },
+        { subTask: parent, title: `${parent.title} - Sub Sub Task Private`, public: false }
+      ],
+      []
     )
   )
 }

examples/auth/e2e/todo-item.resolver.spec.ts

@@ -426,6 +426,61 @@ describe('TodoItemResolver (auth - e2e)', () => {
           ])
         }))
 
+    it(`should allow fetching subSubTasks, but only the ones that are allowed by the nested authorizers`, () =>
+      request(app.getHttpServer())
+        .post('/graphql')
+        .auth(jwtToken, { type: 'bearer' })
+        .send({
+          operationName: null,
+          variables: {},
+          query: `{
+          todoItems {
+            edges {
+              node {
+                subTasks {
+                  edges {
+                    node {
+                      subSubTasks {
+                        title
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }`
+        })
+        .expect(200)
+        .then(({ body }) => {
+          const {
+            edges: [{ node: task }]
+          }: {
+            edges: Array<{
+              node: {
+                subTasks: {
+                  edges: Array<{
+                    node: {
+                      subSubTasks: Array<{
+                        title: string
+                      }>
+                    }
+                  }>
+                }
+              }
+            }>
+          } = body.data.todoItems
+          const [subTask] = task.subTasks.edges.map((e) => e.node)
+
+          expect(subTask).toEqual({
+            subSubTasks: [
+              {
+                title: 'Create Nest App - Sub Task 1 - Sub Sub Task Public'
+              }
+            ]
+          })
+        }))
+
     it(`should allow querying on tags`, () =>
       request(app.getHttpServer())
         .post('/graphql')
@@ -620,7 +675,7 @@ describe('TodoItemResolver (auth - e2e)', () => {
         .send({
           operationName: null,
           variables: {},
-          query: `{ 
+          query: `{
           todoItemAggregate {
               ${todoItemAggregateFields}
             }
@@ -647,7 +702,7 @@ describe('TodoItemResolver (auth - e2e)', () => {
         .send({
           operationName: null,
           variables: {},
-          query: `{ 
+          query: `{
             todoItemAggregate {
                 ${todoItemAggregateFields}
               }
@@ -674,7 +729,7 @@ describe('TodoItemResolver (auth - e2e)', () => {
         .send({
           operationName: null,
           variables: {},
-          query: `{ 
+          query: `{
           todoItemAggregate(filter: { completed: { is: false } }) {
               ${todoItemAggregateFields}
             }