Another question. With ``` type User @model { ......
# prisma-whats-new
l
Another question. With
Copy code
type User @model { ... }
we get allUsers built-in method. Now, when I’m trying to restrict the access to read on this type I made
Copy code
permissions: 
  - operation: User.read
    authenticated: true
    query: url
and in linked file for query field
Copy code
query ($user_id: ID!) {
  SomeUserExists(filter: {id: $user_id})
}
but when any user is logged in I have access to all of the users. How can I rewrite it to achieve that logged in user can see only his data even if quering allUsers?
a
You need to add a condition with
id: $node_id
SomeUserExists(filter: { AND: [ { id: $user_id }, {id: $node_id } ] })
l
Ok, I’ll give it a try in a sec
Now it doesn’t fail like in my previous attempts, but also doesn’t return data for the one user that’s logged in
a
Did you add
$node_id
as query parameter as well?
l
Yes. Now the code looks like
Copy code
query ($user_id: ID!, $node_id: ID!) {
    SomeUserExists(
        filter: { 
            AND: [{
                id: $user_id
            }, {
                id: $node_id
            }]
        }
    )
}
a
looks good
Are you sure authentication works?
l
I can log in and check whether user is logged in
So I’m pretty sure I’m sending Authorization header with this request
a
Then the query should work... If not, I don't know why not...
l
Ok, thanks for help anyway 🙂