Title
d

daniele

11/23/2017, 10:48 AM
Hi all I was looking on the graphcool example but I'm not sure how to implement it...What I would to do is:
given the authenticated user (token) I would like to retrieve all the companies related to his organization
. I know that I can write a filter on apollo-client but I would like to do that on the graphcool. The question is I have to do a query or a handler function?
i

iamclaytonray

11/23/2017, 12:25 PM
You can:
{
  allUsers(filter: { username: "some-username" }) {
    companies {
      id
      companyName
      # etc
    }
  }
}
d

daniele

11/23/2017, 12:26 PM
hi @iamclaytonray
but this is in the graphcool or in the appollo-client?
i

iamclaytonray

11/23/2017, 12:26 PM
So when you query
allUsers
or even just a
User
, filter the User and just query the companies
This is just a normal GraphQL query. This can be implemented either on the server or client
d

daniele

11/23/2017, 12:27 PM
sorry but is the opposite
I want to display all the companies that the user can see
my schema is : Oranization, Companies
i

iamclaytonray

11/23/2017, 12:28 PM
One sec
Actually, what is the “User”? The Organization?
Or do you also have a User in the Schema?
d

daniele

11/23/2017, 12:29 PM
type Organization @model {
  id: ID! @isUnique
  name: String!
  companies: [Company!]! @relation(name: "CompanyOnOrganization")
}

type Company @model {
  id: ID! @isUnique
  name: String!
  color: String
  logo: String
  organization: Organization @relation(name: "CompanyOnOrganization")
  users: [User!]! @relation(name: "UserOnCompany")
}
i

iamclaytonray

11/23/2017, 12:29 PM
That’s your entire Schema?
If so, your relationship for
UserOnCompany
shouldn’t work, if you don’t have a User type
d

daniele

11/23/2017, 12:49 PM
@iamclaytonray sorry but I don't think I'm explaining properly the problem
let's say that we have 4 companies, 2 for the 1 organization and 2 for the second one....what I want to achieve is that the logged in user have to be able to see only 2 companies and not the other 2
the entire schema is:
type Organization @model {
  id: ID! @isUnique
  name: String!
  companies: [Company!]! @relation(name: "CompanyOnOrganization")
}

type Company @model {
  id: ID! @isUnique
  name: String!
  color: String
  logo: String
  organization: Organization @relation(name: "CompanyOnOrganization")
  users: [User!]! @relation(name: "UserOnCompany")
}

type User @model {
  id: ID! @isUnique
  createdAt: DateTime!
  updatedAt: DateTime!
  email: String! @isUnique
  password: String!
  name: String!
  surname: String!
  company: Company @relation(name: "UserOnCompany")
}
i

iamclaytonray

11/23/2017, 1:02 PM
Give me a few minutes and I’ll get something back to you 🙂
d

daniele

11/23/2017, 1:04 PM
awesome thanks
i

iamclaytonray

11/23/2017, 2:22 PM
Sorry - crazy day
d

daniele

11/23/2017, 3:00 PM
don't worry @iamclaytonray I can wait
l

louis

11/24/2017, 8:58 AM
Hi there, we probably have the same problem. I guess you could do it with a simple filter, but is it also possible via permission query? Since it would be pretty easy to manipulate the query from the frontend in order to see organisations the User do not actually belong to. greetings 🙂
i

iamclaytonray

11/24/2017, 8:59 AM
I just woke up so I’ll finish the example. Yesterday was thanksgiving
So…
If the response payload from the
{
  allOrganizations {
    id
    name
    companies {
      id
      name
    }
  }
}
query looks like this:
{
  "data": {
    "allOrganizations": [
      {
        "id": "cjachl8h83x490109479olvfh",
        "name": "Org 1",
        "companies": [
          {
            "id": "cjachk82xdvhs0173qw3cjdah",
            "name": "Company 1"
          },
          {
            "id": "cjachkbjqdvig01732ymepajy",
            "name": "Company 2"
          }
        ]
      },
      {
        "id": "cjachlbtu3x4s0109rbmd5pkr",
        "name": "Org 2",
        "companies": [
          {
            "id": "cjacjejpudm8e0112px5j3a06",
            "name": "Company 3"
          },
          {
            "id": "cjacjelebdm8k0112anbcbh2d",
            "name": "Company 4"
          }
        ]
      }
    ]
  }
}
But we wanted to only get the User’s company he/she belongs to:
{
  User(email: "<mailto:john@gmail.com|john@gmail.com>") {
    name
    company {
      name
      organization {
        name
      }
    }
  }
}
And the payload would look like:
{
  "data": {
    "User": {
      "name": "John Doe",
      "company": {
        "name": "Company 1",
        "organization": {
          "name": "Org 1"
        }
      }
    }
  }
}
I don’t really want to set up permissions but the same concept applies
You could just query
currentUser
As long as you set up the relationships correctly, you shouldn’t need to do anything crazy with filtering or anything like that. As it stands right now, I can only access other Users’ companies/orgs if I replaced the email with their email. If I set up permissions, then I would only be able to query my (
<mailto:john@gmail.com|john@gmail.com>
) account and other relevant data
The only time I see filtering being necessary is on
allUsers
Obviously, when you query a single User, there is no need for filtering the User’s company. (Based on the schema, the User only has 1 company)
{
  allUsers(filter: { company: { users_every: { email: "<mailto:john@gmail.com|john@gmail.com>" } } }) {
    id
    company {
      name
      organization {
        name
      }
    }
  }
}
would return:
{
  "data": {
    "allUsers": [
      {
        "id": "cja0zkue9mo540143kcvmbvdq",
        "company": {
          "name": "Company 1",
          "organization": {
            "name": "Org 1"
          }
        }
      }
    ]
  }
}
^ You could mis-match queries. For example, query the User. Company. Organization. Then you would just change up the data requirements based on the resource you are asking for
d

daniele

11/24/2017, 2:16 PM
hey @iamclaytonray I saw your queries and they make sense...but what about if I do something like that instead:
- operation: 'Company.read'
    authenticated: true
    query: src/permissions/Company.graphql:RetrieveCompanyData
Is your logic still valid?
so we put inside Company.graphql
{ allUsers(filter: { company: { users_every: { email: "john@gmail.com" } } }) { id company { name organization { name } } } }
there's no way to retrieve the user form the
Authorization
token?
i

iamclaytonray

11/24/2017, 2:26 PM
It should with the correct token
Let me try it out real quick
❤️ 1
Sorry, the console is going super slow 😕
Well, not really working, haha
d

daniele

11/24/2017, 3:00 PM
ugh
i

iamclaytonray

11/24/2017, 3:01 PM
If I can’t get it to work, I’ll just upgrade it and test it out locally
d

daniele

11/24/2017, 6:01 PM
@iamclaytonray any news?
i

iamclaytonray

11/24/2017, 6:02 PM
Local isn’t working for me right now 😕
d

daniele

11/24/2017, 6:02 PM
oh but you don't have a docker? I'm doing everthing there
I just deployed in my docker container
i

iamclaytonray

11/24/2017, 6:02 PM
I have Docker
It’s just not working
d

daniele

11/24/2017, 6:02 PM
ugh
weird
and online?
i

iamclaytonray

11/24/2017, 6:07 PM
Nope
Today just isn’t my day, haha
d

daniele

11/24/2017, 6:19 PM
😂
Hey @iamclaytonray any luck?
i

iamclaytonray

11/25/2017, 11:33 AM
Yep
Sorry
The query still works as long as the User has the token
d

daniele

11/25/2017, 1:57 PM
but I need to pass the email?
{
  allUsers(filter: { company: { users_every: { email: "<mailto:john@gmail.com|john@gmail.com>" } } }) {
    id
    company {
      name
      organization {
        name
      }
    }
  }
}
it can't retrieve from the
Authorization token
i

iamclaytonray

11/25/2017, 1:58 PM
That was actually a bad example.
d

daniele

11/25/2017, 1:59 PM
sorry for bothering you so much I'm just trying to understand the best way to do it and try to became independent after that
so just to recap the idea was to use that:
- operation: 'Company.read'
    authenticated: true
    query: src/permissions/Company.graphql:RetrieveCompanyData
and what I don't know how to do properly
src/permissions/Company.graphql:RetrieveCompanyData
i

iamclaytonray

11/25/2017, 2:05 PM
Replace
query
with:
handler:
      code: src/RetrieveCompanyData.ts
Or whatever the actual file is
d

daniele

11/25/2017, 2:05 PM
fine
and the file contain?
i

iamclaytonray

11/25/2017, 2:06 PM
Oh, sorry… 😕
One sec, haha
Remove the
:RetrieveCompanyData
from your
query
Actually… Ahh
I’m actually not sure, haha
d

daniele

11/25/2017, 2:08 PM
Ok I'm confused...do you remember the requirements right? Otherwise I'll give you back
i

iamclaytonray

11/25/2017, 2:09 PM
Yeah, I remember. I just never quite get stuff right in my
graphcool.yml
😕
Haha
d

daniele

11/25/2017, 2:09 PM
🙂
i

iamclaytonray

11/25/2017, 2:09 PM
Maybe @nilan or @agartha could help out
Heading to the doctor and doing this on my phone is hard
d

daniele

11/25/2017, 2:13 PM
😞
<https://www.graph.cool/forum/t/filter-companies-by-organizations/1713>
I posted on the forum as well
i

iamclaytonray

11/25/2017, 2:39 PM
🙂
a

agartha

11/25/2017, 2:43 PM
What defines which companies a user can see?
All the companies in the same organization as the company that the user belongs to?
@daniele ^
d

daniele

11/25/2017, 2:50 PM
@agartha
type Organization @model {
  id: ID! @isUnique
  name: String!
  companies: [Company!]! @relation(name: "CompanyOnOrganization")
}

type Company @model {
  id: ID! @isUnique
  name: String!
  color: String
  logo: String
  organization: Organization @relation(name: "CompanyOnOrganization")
  users: [User!]! @relation(name: "UserOnCompany")
}

type User @model {
  id: ID! @isUnique
  createdAt: DateTime!
  updatedAt: DateTime!
  email: String! @isUnique
  password: String!
  name: String!
  surname: String!
  company: Company @relation(name: "UserOnCompany")
}
1 Organization has multiple companies, 1 user belong to 1 company
a

agartha

11/25/2017, 2:53 PM
Yes I got that part. My question is: which companies is a user allowed to see? Only his own company? Or all companies in the organization of his own company? What's the exact requirement?
d

daniele

11/25/2017, 2:54 PM
all the companies in this organization
👍🏻 1
a

agartha

11/25/2017, 2:57 PM
Seems like
Company.read
should be something like:
SomeCompanyExists(filter: { organization: { companies_some: { users_some: { id: $user_id } } } })
Translated: For every company, check if the organization it belongs to has any company that has any user with the id of our current user
d

daniele

11/25/2017, 3:01 PM
correct
the only thing is that I would like to use the Authorization token
instead to pass the email
a

agartha

11/25/2017, 3:02 PM
Did you see email anywhere in my permission query?
I'm using
$user_id
, which is the user id from the Authorization token
d

daniele

11/25/2017, 3:02 PM
sorry my bad I was looking the other one
👍🏻 1
but we pass in any case the $user id
a

agartha

11/25/2017, 3:03 PM
That comes from the token
No need to pass it manually
d

daniele

11/25/2017, 3:03 PM
oh so just to recap:
- operation: 'Company.read'
    authenticated: true
    query: src/permissions/Company.graphql:RetrieveCompanyData
where
RetrieveCompanyData
is:
RetrieveCompanyData(filter: { organization: { companies_some: { users_some: { id: $user_id } } } })
and it magically work
a

agartha

11/25/2017, 3:05 PM
query RetrieveCompanyData($user_id: ID!) {
   SomeCompanyExists(filter: { organization: { companies_some: { users_some: { id: $user_id } } } })
}
You mixed up the syntax a bit
^^ That's what you put in Company.graphql
d

daniele

11/25/2017, 3:06 PM
oh ok .. and it will take the $user_id automatically
so I'll just do
allCompanies { id , name}
and that's all
( from my client - apollo )
a

agartha

11/25/2017, 3:07 PM
Yes, the only problem with permission queries is that they don't 'really' filter the results, just precent access to them
So you will get insufficient permissions errors
That you need to ignore on the client
d

daniele

11/25/2017, 3:09 PM
got it
I just need to extract the object with the result and ignore the other part
a

agartha

11/25/2017, 3:11 PM
Yes, the best thing to do is check the error code, so you only ignore permission errors, and not any other errors
d

daniele

11/25/2017, 3:12 PM
and using a handler function doesn't help right?
a

agartha

11/25/2017, 3:12 PM
Handler function?
d

daniele

11/25/2017, 3:13 PM
handler:
      code: src/RetrieveCompanyData.ts
something like that
a

agartha

11/25/2017, 3:13 PM
No, because you cannot return model types from extension functions
d

daniele

11/25/2017, 3:14 PM
got it thanks
👍🏻 1
I think that it didn't like it...I'm still receiving all the companies
from my apollo-client:
private getAirlines = gql`{
        allCompanies {
            id
            name
            color
        }
    }`;
I'm receiving 2 companies instead one
and without errors
just to show you the data from my console:
doing a query for all Users:
{
  "data": {
    "allUsers": [
      {
        "id": "cja5p7jqj00n401489881zjsh",
        "name": "Daniele",
        "email": "<mailto:superAdmin@admin.com|superAdmin@admin.com>",
        "company": null
      },
      {
        "id": "cja5pc1eb00oa0148jt5c8ehv",
        "name": "Daniele",
        "email": "<mailto:IAGAdmin@admin.com|IAGAdmin@admin.com>",
        "company": {
          "name": "Iberia",
          "id": "cja5f6uh400vc0148jowhza3i"
        }
      },
      {
        "id": "cja5pc9a600ok0148nhtalk42",
        "name": "Daniele",
        "email": "<mailto:GateAdmin@admin.com|GateAdmin@admin.com>",
        "company": {
          "name": "Air Canada",
          "id": "cja5pfodm00ow01489pvn2gwn"
        }
      }
    ]
  }
}
I've loggedin as
<mailto:GateAdmin@admin.com|GateAdmin@admin.com>
and I'm receiving instead:
{
  "data": {
    "allCompanies": [
      {
        "id": "cja5f6uh400vc0148jowhza3i",
        "name": "Iberia",
        "color": "#fd272f",
        "__typename": "Company"
      },
      {
        "id": "cja5pfodm00ow01489pvn2gwn",
        "name": "Air Canada",
        "color": "#ee2c30",
        "__typename": "Company"
      }
    ]
  }
}
@agartha
a

agartha

11/25/2017, 3:33 PM
And they belong to a different organization?
d

daniele

11/25/2017, 3:33 PM
Si I give you the other queries as well
{
  "data": {
    "allOrganizations": [
      {
        "id": "cja5f3h1j00v001489mtj7s81",
        "name": "IAG"
      },
      {
        "id": "cja5f3pl300v40148fu0xb1n1",
        "name": "Gate Gourmet"
      }
    ]
  }
}
{
  "data": {
    "allCompanies": [
      {
        "name": "Iberia",
        "organization": {
          "name": "IAG"
        }
      },
      {
        "name": "Air Canada",
        "organization": {
          "name": "Gate Gourmet"
        }
      }
    ]
  }
}
{
  "data": {
    "allUsers": [
      {
        "id": "cja5p7jqj00n401489881zjsh",
        "name": "Daniele",
        "email": "<mailto:superAdmin@admin.com|superAdmin@admin.com>",
        "company": null
      },
      {
        "id": "cja5pc1eb00oa0148jt5c8ehv",
        "name": "Daniele",
        "email": "<mailto:IAGAdmin@admin.com|IAGAdmin@admin.com>",
        "company": {
          "name": "Iberia",
          "id": "cja5f6uh400vc0148jowhza3i"
        }
      },
      {
        "id": "cja5pc9a600ok0148nhtalk42",
        "name": "Daniele",
        "email": "<mailto:GateAdmin@admin.com|GateAdmin@admin.com>",
        "company": {
          "name": "Air Canada",
          "id": "cja5pfodm00ow01489pvn2gwn"
        }
      }
    ]
  }
}
it's enough?
my schema:
a

agartha

11/25/2017, 3:36 PM
Did you deploy your changes?
d

daniele

11/25/2017, 3:36 PM
I did
permissions:
  - operation: 'Company.read'
    authenticated: true
    query: src/permissions/Company.graphql:RetrieveCompanyData
query RetrieveCompanyData($user_id: ID!) {
   SomeCompanyExists(filter: 
        { 
            organization: { 
                companies_some: { 
                    users_some: { 
                        id: $user_id 
                    } 
                } 
            } 
        }
    )
}
Permissions

  Wildcard Permission
   - The wildcard permission for all types is removed.

Here are your GraphQL Endpoints:

  Simple API:        <http://localhost:60000/simple/v1/cj9n8k2ua00040148cpfxjp6p>
  Relay API:         <http://localhost:60000/relay/v1/cj9n8k2ua00040148cpfxjp6p>
  Subscriptions API: <ws://localhost:60000/subscriptions/v1/cj9n8k2ua00040148cpfxjp6p>
a

agartha

11/25/2017, 3:40 PM
Ow wait
The permission query is wrong after all
query RetrieveCompanyData($user_id: ID!, $node_id: ID!) {
   SomeCompanyExists(filter: 
        { 
            id: $node_id
            organization: { 
                companies_some: { 
                    users_some: { 
                        id: $user_id 
                    } 
                } 
            } 
        }
    )
}
The previous permission query was always true, sorry...
d

daniele

11/25/2017, 3:47 PM
well now is always false
{
  "data": null,
  "errors": [
    {
      "locations": [
        {
          "line": 3,
          "column": 5
        }
      ],
      "path": [
        "allCompanies",
        1,
        "id"
      ],
      "code": 3008,
      "message": "Insufficient Permissions",
      "requestId": "eu-west-1:simple:cjafidkc201vo0148gbdjp84z"
    },
    {
      "locations": [
        {
          "line": 4,
          "column": 5
        }
      ],
      "path": [
        "allCompanies",
        1,
        "name"
      ],
      "code": 3008,
      "message": "Insufficient Permissions",
      "requestId": "eu-west-1:simple:cjafidkc201vo0148gbdjp84z"
    },
    {
      "locations": [
        {
          "line": 5,
          "column": 5
        }
      ],
      "path": [
        "allCompanies",
        1,
        "color"
      ],
      "code": 3008,
      "message": "Insufficient Permissions",
      "requestId": "eu-west-1:simple:cjafidkc201vo0148gbdjp84z"
    }
  ]
}
@agartha
@nilan CC ( I replied on the forum as well)
@nilan I posted all the info that you asked
a

agartha

11/25/2017, 4:13 PM
@nilan and I both came to the same conclusion about adding the id filter. I have no idea why it isn't returning any data now
d

daniele

11/25/2017, 4:16 PM
I don't know what to say... I shared all my schema and data
and I added
- operation: 'Organization.read'
    authenticated: true
in case was that one the problem
but nothing
hi @nilan I replied to your questions on the forum ... I still stuck and no idea what is caused what https://www.graph.cool/forum/t/filter-companies-by-organizations/1713