I've got a permission query question. I'm trying t...
# prisma-whats-new
l
I've got a permission query question. I'm trying to control who can set the relation for an author, for example the author of a blog post. I want the user creating the blog post to be able to be set as the author, but after that it cannot be changed. I'm confused as to how the permission query will work, because no blog post will have yet been created for me to check against
I think I've figured it out, but I'm not sure why it works
Copy code
query($user_id: ID!) {
    SomeUserExists(filter: {
        id: $user_id,
        ownedCourses_every: {
            author: {
                id: $user_id
            }
        }
    })
}
I have a course, and the course has an author. This is the AuthorOnCourse.connect permission
It seems to keep anyone but the true author from doing a connect
Well...it's not exactly passing my initial security checks