Another question With ``` type User model ``` we get allUser Prisma #prisma-whats-new

Another question. With ``` type User @model { ......

Lotafak

12/11/2017, 3:53 PM

Another question. With

Copy code

type User @model { ... }

we get allUsers built-in method. Now, when I’m trying to restrict the access to read on this type I made

Copy code

permissions: 
  - operation: User.read
    authenticated: true
    query: url

and in linked file for query field

Copy code

query ($user_id: ID!) {
  SomeUserExists(filter: {id: $user_id})
}

but when any user is logged in I have access to all of the users. How can I rewrite it to achieve that logged in user can see only his data even if quering allUsers?

agartha

12/11/2017, 3:54 PM

You need to add a condition with

id: $node_id

agartha

12/11/2017, 3:54 PM

SomeUserExists(filter: { AND: [ { id: $user_id }, {id: $node_id } ] })

Lotafak

12/11/2017, 3:56 PM

Ok, I’ll give it a try in a sec

Lotafak

12/11/2017, 4:01 PM

Now it doesn’t fail like in my previous attempts, but also doesn’t return data for the one user that’s logged in

agartha

12/11/2017, 4:02 PM

Did you add

$node_id

as query parameter as well?

Lotafak

12/11/2017, 4:02 PM

Yes. Now the code looks like

Copy code

query ($user_id: ID!, $node_id: ID!) {
    SomeUserExists(
        filter: { 
            AND: [{
                id: $user_id
            }, {
                id: $node_id
            }]
        }
    )
}

agartha

12/11/2017, 4:03 PM

looks good

agartha

12/11/2017, 4:03 PM

Are you sure authentication works?

Lotafak

12/11/2017, 4:04 PM

I can log in and check whether user is logged in

Lotafak

12/11/2017, 4:05 PM

So I’m pretty sure I’m sending Authorization header with this request

agartha

12/11/2017, 4:05 PM

Then the query should work... If not, I don't know why not...

Lotafak

12/11/2017, 4:06 PM

Ok, thanks for help anyway 🙂

2 Views

Open in Slack

Previous Next