New failing test case with external type

tests/Fixtures/Integration/Controllers/ProductController.php

@@ -12,6 +12,7 @@
 use TheCodingMachine\GraphQLite\Annotations\UseInputType;
 use TheCodingMachine\GraphQLite\Fixtures\Integration\Models\Contact;
 use TheCodingMachine\GraphQLite\Fixtures\Integration\Models\Product;
+use TheCodingMachine\GraphQLite\Fixtures\Integration\Models\ProductInternal;
 use TheCodingMachine\GraphQLite\Fixtures\Integration\Models\ProductTypeEnum;
 use TheCodingMachine\GraphQLite\Fixtures\Integration\Models\SpecialProduct;
 use TheCodingMachine\GraphQLite\Fixtures\Integration\Models\TrickyProduct;
@@ -29,6 +30,15 @@ public function getProducts(): ArrayResult
         ]);
     }
 
+    /**
+     * @Query()
+     * @return ProductInternal
+     */
+    public function getProductsExternalType()
+    {
+        return new ProductInternal();
+    }
+
     /**
      * This is supposed to return an array of products... but it returns an array of array of Products.
      * Useful to test error messages.

tests/Fixtures/Integration/Models/ProductExternalType.php

@@ -0,0 +1,50 @@
+<?php
+
+
+namespace TheCodingMachine\GraphQLite\Fixtures\Integration\Models;
+
+
+use DateTimeInterface;
+use Psr\Http\Message\UploadedFileInterface;
+use TheCodingMachine\GraphQLite\Annotations\Factory;
+use TheCodingMachine\GraphQLite\Annotations\FailWith;
+use TheCodingMachine\GraphQLite\Annotations\Field;
+use TheCodingMachine\GraphQLite\Annotations\Right;
+use TheCodingMachine\GraphQLite\Annotations\Security;
+use TheCodingMachine\GraphQLite\Annotations\Type;
+
+class ProductInternal
+{
+    public function getMargin(): float
+    {
+        return 12.0;
+    }
+}
+
+/**
+ * @Type(class=ProductInternal::class)
+ */
+class ProductExternalType {
+    /**
+     * @Field()
+     * @Security("this.canAccess()")
+     */
+    public function getMarginFails(ProductInternal $product): float
+    {
+        return $product->getMargin();
+    }
+
+    /**
+     * @Field()
+     */
+    public function getMarginOk(ProductInternal $product): float
+    {
+        return $product->getMargin();
+    }
+
+    public function canAccess(): bool
+    {
+        return false;
+    }
+
+}

tests/Integration/EndToEndTest.php

@@ -1556,6 +1556,43 @@ public function testEndToEndSecurityInField(): void
         $this->assertSame('Access denied.', $result->toArray(DebugFlag::RETHROW_UNSAFE_EXCEPTIONS)['errors'][0]['message']);
     }
 
+    public function testEndToEndSecurityInFieldExternalType(): void
+    {
+        $schema = $this->mainContainer->get(Schema::class);
+        assert($schema instanceof Schema);
+
+        $queryString = '
+        query {
+            productsExternalType {
+                marginOk
+            }
+        }
+        ';
+
+        $result = GraphQL::executeQuery(
+            $schema,
+            $queryString,
+        );
+        $data = $this->getSuccessResult($result);
+        $this->assertSame(12.0, $data['productsExternalType']['marginOk']);
+
+
+        $queryString = '
+        query {
+            productsExternalType {
+                marginFails
+            }
+        }
+        ';
+
+        $result = GraphQL::executeQuery(
+            $schema,
+            $queryString,
+        );
+        $data = $this->getSuccessResult($result);
+        $this->assertSame(12.0, $data['productsExternalType']['marginOk']);
+    }
+
     public function testEndToEndUnions(): void
     {
         $schema = $this->mainContainer->get(Schema::class);