Lotafak
12/11/2017, 3:53 PMtype User @model { ... }
we get allUsers built-in method. Now, when I’m trying to restrict the access to read on this type I made
permissions:
- operation: User.read
authenticated: true
query: url
and in linked file for query field
query ($user_id: ID!) {
SomeUserExists(filter: {id: $user_id})
}
but when any user is logged in I have access to all of the users. How can I rewrite it to achieve that logged in user can see only his data even if quering allUsers?agartha
12/11/2017, 3:54 PMid: $node_id
agartha
12/11/2017, 3:54 PMSomeUserExists(filter: { AND: [ { id: $user_id }, {id: $node_id } ] })
Lotafak
12/11/2017, 3:56 PMLotafak
12/11/2017, 4:01 PMagartha
12/11/2017, 4:02 PM$node_id
as query parameter as well?Lotafak
12/11/2017, 4:02 PMquery ($user_id: ID!, $node_id: ID!) {
SomeUserExists(
filter: {
AND: [{
id: $user_id
}, {
id: $node_id
}]
}
)
}
agartha
12/11/2017, 4:03 PMagartha
12/11/2017, 4:03 PMLotafak
12/11/2017, 4:04 PMLotafak
12/11/2017, 4:05 PMagartha
12/11/2017, 4:05 PMLotafak
12/11/2017, 4:06 PM