## Critical Vulnerability Information ### Vulnerability Description - **Type**: Unauthorized Resource Access - **Cause**: Unauthorized resources were accessed when using Relay. ### Related Files and Code Changes - **File**: `src/GraphQL/Metadata/ResourceMetadataFactory.php` - **Change**: Added a call to the `resolveResourceClass` method to ensure correct resource class resolution when using Relay. ### Test Cases - **File**: `tests/Fixtures/Metadata/ResourceMetadataFactoryTest.php` - **Tests**: - `testResolveResourceClassWithOperation`: Tests correct resource class resolution when an operation name is provided. - `testResolveResourceClassWithoutOperation`: Tests correct resource class resolution when no operation name is specified. - `testResolveResourceClassWithInvalidOperation`: Tests that an exception is thrown when an invalid operation name is provided. ### Security Improvements - **Check**: Added a check for `$this->resourceClasses[$operationName]` within the `resolveResourceClass` method to ensure unauthorized resource nodes are not exposed when using Relay. ### Other Related Files - `src/GraphQL/Resolver/ResolverFactory.php` - `src/GraphQL/Resolver/ResolverFactoryInterface.php` - `src/GraphQL/Resolver/ResolverFactoryTrait.php` - `tests/Fixtures/Resolver/ResolverFactoryTest.php` ### Summary This commit fixes a security vulnerability that allowed unauthorized access to resources via Relay. By adding proper resource class resolution and corresponding test cases, the system's security has been enhanced.