# prisma-whats-new
j
I'm setting up a simple e-commerce app and need to process payment via Stripe, then write a new Order record to the database, with the paymentID from the transaction. I'm worried about permissions...don't want anyone to be able to set the `paid` field to `true` – is there a way to authenticate server-side so that writes can only be done via a server-side function?
j
Just remove the Update permissions for that type entirely, or remove the Update permissions for that field
This is well covered in the docs
j
But then will the update still work from within a function?
I need to be able to update the record, I just only want it to be possible from within a Resolver function
and sorry for my ignorance...I have a ton of experience with more traditional web apps (e.g. Django, Rails), but am now building my first production app in GraphQL...I've read most of the docs but still have some confusion which I'm sure will be cleared up once I have a little more experience
j
If you add a root token with the same name as the function, the function will have super admin rights and full access to anything, disregarding auth queries 🙂