Channels
graphql-nexus
job-board
madewithprisma
mongodb
new-channel
new-channel
new-channel
new-channel
new-channel
orm-help
prisma-client
prisma-data-platform
prisma-go-community
prisma-in-production
prisma-jobs
prisma-migrate
prisma-studio
prisma-whats-new
prisma1-community
prismaday
prismaserverless
product-wishlist
random
Title
d
daniele
11/23/2017, 10:48 AMHi all I was looking on the graphcool example but I'm not sure how to implement it...What I would to do is:
given the authenticated user (token) I would like to retrieve all the companies related to his organizationi
iamclaytonray
11/23/2017, 12:25 PMYou can:
{
allUsers(filter: { username: "some-username" }) {
companies {
id
companyName
# etc
}
}
}d
daniele
11/23/2017, 12:26 PMhi @iamclaytonray
but this is in the graphcool or in the appollo-client?
i
iamclaytonray
11/23/2017, 12:26 PMSo when you query
allUsersUserThis is just a normal GraphQL query. This can be implemented either on the server or client
d
daniele
11/23/2017, 12:27 PMsorry but is the opposite
I want to display all the companies that the user can see
my schema is : Oranization, Companies
i
iamclaytonray
11/23/2017, 12:28 PMOne sec
Actually, what is the “User”? The Organization?
Or do you also have a User in the Schema?
d
daniele
11/23/2017, 12:29 PMtype Organization @model {
id: ID! @isUnique
name: String!
companies: [Company!]! @relation(name: "CompanyOnOrganization")
}
type Company @model {
id: ID! @isUnique
name: String!
color: String
logo: String
organization: Organization @relation(name: "CompanyOnOrganization")
users: [User!]! @relation(name: "UserOnCompany")
}i
iamclaytonray
11/23/2017, 12:29 PMThat’s your entire Schema?
If so, your relationship for
UserOnCompanyd
daniele
11/23/2017, 12:49 PM@iamclaytonray sorry but I don't think I'm explaining properly the problem
let's say that we have 4 companies, 2 for the 1 organization and 2 for the second one....what I want to achieve is that the logged in user have to be able to see only 2 companies and not the other 2
the entire schema is:
type Organization @model {
id: ID! @isUnique
name: String!
companies: [Company!]! @relation(name: "CompanyOnOrganization")
}
type Company @model {
id: ID! @isUnique
name: String!
color: String
logo: String
organization: Organization @relation(name: "CompanyOnOrganization")
users: [User!]! @relation(name: "UserOnCompany")
}
type User @model {
id: ID! @isUnique
createdAt: DateTime!
updatedAt: DateTime!
email: String! @isUnique
password: String!
name: String!
surname: String!
company: Company @relation(name: "UserOnCompany")
}i
iamclaytonray
11/23/2017, 1:02 PMGive me a few minutes and I’ll get something back to you 🙂
d
daniele
11/23/2017, 1:04 PMawesome thanks
i
iamclaytonray
11/23/2017, 2:22 PMSorry - crazy day
d
daniele
11/23/2017, 3:00 PMdon't worry @iamclaytonray I can wait
l
louis
11/24/2017, 8:58 AMHi there, we probably have the same problem. I guess you could do it with a simple filter, but is it also possible via permission query? Since it would be pretty easy to manipulate the query from the frontend in order to see organisations the User do not actually belong to.
greetings 🙂
i
iamclaytonray
11/24/2017, 8:59 AMI just woke up so I’ll finish the example. Yesterday was thanksgiving
So…
If the response payload from the
{
allOrganizations {
id
name
companies {
id
name
}
}
}{
"data": {
"allOrganizations": [
{
"id": "cjachl8h83x490109479olvfh",
"name": "Org 1",
"companies": [
{
"id": "cjachk82xdvhs0173qw3cjdah",
"name": "Company 1"
},
{
"id": "cjachkbjqdvig01732ymepajy",
"name": "Company 2"
}
]
},
{
"id": "cjachlbtu3x4s0109rbmd5pkr",
"name": "Org 2",
"companies": [
{
"id": "cjacjejpudm8e0112px5j3a06",
"name": "Company 3"
},
{
"id": "cjacjelebdm8k0112anbcbh2d",
"name": "Company 4"
}
]
}
]
}
}But we wanted to only get the User’s company he/she belongs to:
{
User(email: "<mailto:john@gmail.com|john@gmail.com>") {
name
company {
name
organization {
name
}
}
}
}And the payload would look like:
{
"data": {
"User": {
"name": "John Doe",
"company": {
"name": "Company 1",
"organization": {
"name": "Org 1"
}
}
}
}
}I don’t really want to set up permissions but the same concept applies
You could just query
currentUserAs long as you set up the relationships correctly, you shouldn’t need to do anything crazy with filtering or anything like that. As it stands right now, I can only access other Users’ companies/orgs if I replaced the email with their email. If I set up permissions, then I would only be able to query my (
<mailto:john@gmail.com|john@gmail.com>The only time I see filtering being necessary is on
allUsersObviously, when you query a single User, there is no need for filtering the User’s company. (Based on the schema, the User only has 1 company)
{
allUsers(filter: { company: { users_every: { email: "<mailto:john@gmail.com|john@gmail.com>" } } }) {
id
company {
name
organization {
name
}
}
}
}{
"data": {
"allUsers": [
{
"id": "cja0zkue9mo540143kcvmbvdq",
"company": {
"name": "Company 1",
"organization": {
"name": "Org 1"
}
}
}
]
}
}^ You could mis-match queries. For example, query the User. Company. Organization. Then you would just change up the data requirements based on the resource you are asking for
d
daniele
11/24/2017, 2:16 PMhey @iamclaytonray I saw your queries and they make sense...but what about if I do something like that instead:
- operation: 'Company.read'
authenticated: true
query: src/permissions/Company.graphql:RetrieveCompanyDataIs your logic still valid?
so we put inside Company.graphql
{
allUsers(filter: { company: { users_every: { email: "john@gmail.com" } } }) {
id
company {
name
organization {
name
}
}
}
}
there's no way to retrieve the user form the
Authorizationi
iamclaytonray
11/24/2017, 2:26 PMIt should with the correct token
Let me try it out real quick
❤️ 1
Sorry, the console is going super slow 😕
Well, not really working, haha
d
daniele
11/24/2017, 3:00 PMugh
i
iamclaytonray
11/24/2017, 3:01 PMIf I can’t get it to work, I’ll just upgrade it and test it out locally
d
daniele
11/24/2017, 6:01 PM@iamclaytonray any news?
i
iamclaytonray
11/24/2017, 6:02 PMLocal isn’t working for me right now 😕
d
daniele
11/24/2017, 6:02 PMoh but you don't have a docker? I'm doing everthing there
I just deployed in my docker container
i
iamclaytonray
11/24/2017, 6:02 PMI have Docker
It’s just not working
d
daniele
11/24/2017, 6:02 PMugh
weird
and online?
i
iamclaytonray
11/24/2017, 6:07 PMNope
Today just isn’t my day, haha
d
daniele
11/24/2017, 6:19 PM😂
Hey @iamclaytonray any luck?
i
iamclaytonray
11/25/2017, 11:33 AMYep
Sorry
The query still works as long as the User has the token
d
daniele
11/25/2017, 1:57 PMbut I need to pass the email?
{
allUsers(filter: { company: { users_every: { email: "<mailto:john@gmail.com|john@gmail.com>" } } }) {
id
company {
name
organization {
name
}
}
}
}it can't retrieve from the
Authorization tokeni
iamclaytonray
11/25/2017, 1:58 PMThat was actually a bad example.
d
daniele
11/25/2017, 1:59 PMsorry for bothering you so much I'm just trying to understand the best way to do it and try to became independent after that
so just to recap the idea was to use that:
- operation: 'Company.read'
authenticated: true
query: src/permissions/Company.graphql:RetrieveCompanyDataand what I don't know how to do properly
src/permissions/Company.graphql:RetrieveCompanyDatai
iamclaytonray
11/25/2017, 2:05 PMReplace
queryhandler:
code: src/RetrieveCompanyData.tsOr whatever the actual file is
d
daniele
11/25/2017, 2:05 PMfine
and the file contain?
i
iamclaytonray
11/25/2017, 2:06 PMOh, sorry… 😕
One sec, haha
Remove the
:RetrieveCompanyDataqueryActually… Ahh
I’m actually not sure, haha
d
daniele
11/25/2017, 2:08 PMOk I'm confused...do you remember the requirements right? Otherwise I'll give you back
i
iamclaytonray
11/25/2017, 2:09 PMYeah, I remember. I just never quite get stuff right in my
graphcool.ymlHaha
d
daniele
11/25/2017, 2:09 PM🙂
i
iamclaytonray
11/25/2017, 2:09 PMMaybe @nilan or @agartha could help out
Heading to the doctor and doing this on my phone is hard
d
daniele
11/25/2017, 2:13 PM😞
<https://www.graph.cool/forum/t/filter-companies-by-organizations/1713>I posted on the forum as well
i
iamclaytonray
11/25/2017, 2:39 PM🙂
a
agartha
11/25/2017, 2:43 PMWhat defines which companies a user can see?
All the companies in the same organization as the company that the user belongs to?
@daniele ^
d
daniele
11/25/2017, 2:50 PM@agartha
type Organization @model {
id: ID! @isUnique
name: String!
companies: [Company!]! @relation(name: "CompanyOnOrganization")
}
type Company @model {
id: ID! @isUnique
name: String!
color: String
logo: String
organization: Organization @relation(name: "CompanyOnOrganization")
users: [User!]! @relation(name: "UserOnCompany")
}
type User @model {
id: ID! @isUnique
createdAt: DateTime!
updatedAt: DateTime!
email: String! @isUnique
password: String!
name: String!
surname: String!
company: Company @relation(name: "UserOnCompany")
}1 Organization has multiple companies, 1 user belong to 1 company
a
agartha
11/25/2017, 2:53 PMYes I got that part. My question is: which companies is a user allowed to see? Only his own company? Or all companies in the organization of his own company? What's the exact requirement?
d
daniele
11/25/2017, 2:54 PMall the companies in this organization
👍🏻 1
a
agartha
11/25/2017, 2:57 PMSeems like
Company.readSomeCompanyExists(filter: { organization: { companies_some: { users_some: { id: $user_id } } } })Translated: For every company, check if the organization it belongs to has any company that has any user with the id of our current user
d
daniele
11/25/2017, 3:01 PMcorrect
the only thing is that I would like to use the Authorization token
instead to pass the email
a
agartha
11/25/2017, 3:02 PMDid you see email anywhere in my permission query?
I'm using
$user_idd
daniele
11/25/2017, 3:02 PMsorry my bad I was looking the other one
👍🏻 1
but we pass in any case the $user id
a
agartha
11/25/2017, 3:03 PMThat comes from the token
No need to pass it manually
d
daniele
11/25/2017, 3:03 PMoh so just to recap:
- operation: 'Company.read'
authenticated: true
query: src/permissions/Company.graphql:RetrieveCompanyDatawhere
RetrieveCompanyDataRetrieveCompanyData(filter: { organization: { companies_some: { users_some: { id: $user_id } } } })and it magically work
a
agartha
11/25/2017, 3:05 PMquery RetrieveCompanyData($user_id: ID!) {
SomeCompanyExists(filter: { organization: { companies_some: { users_some: { id: $user_id } } } })
}You mixed up the syntax a bit
^^ That's what you put in Company.graphql
d
daniele
11/25/2017, 3:06 PMoh ok .. and it will take the $user_id automatically
so I'll just do
allCompanies { id , name}( from my client - apollo )
a
agartha
11/25/2017, 3:07 PMYes, the only problem with permission queries is that they don't 'really' filter the results, just precent access to them
So you will get insufficient permissions errors
That you need to ignore on the client
d
daniele
11/25/2017, 3:09 PMgot it
I just need to extract the object with the result and ignore the other part
a
agartha
11/25/2017, 3:11 PMYes, the best thing to do is check the error code, so you only ignore permission errors, and not any other errors
d
daniele
11/25/2017, 3:12 PMand using a handler function doesn't help right?
a
agartha
11/25/2017, 3:12 PMHandler function?
d
daniele
11/25/2017, 3:13 PMhandler:
code: src/RetrieveCompanyData.tssomething like that
a
agartha
11/25/2017, 3:13 PMNo, because you cannot return model types from extension functions
d
daniele
11/25/2017, 3:14 PMgot it thanks
👍🏻 1
I think that it didn't like it...I'm still receiving all the companies
from my apollo-client:
private getAirlines = gql`{
allCompanies {
id
name
color
}
}`;I'm receiving 2 companies instead one
and without errors
just to show you the data from my console:
doing a query for all Users:
{
"data": {
"allUsers": [
{
"id": "cja5p7jqj00n401489881zjsh",
"name": "Daniele",
"email": "<mailto:superAdmin@admin.com|superAdmin@admin.com>",
"company": null
},
{
"id": "cja5pc1eb00oa0148jt5c8ehv",
"name": "Daniele",
"email": "<mailto:IAGAdmin@admin.com|IAGAdmin@admin.com>",
"company": {
"name": "Iberia",
"id": "cja5f6uh400vc0148jowhza3i"
}
},
{
"id": "cja5pc9a600ok0148nhtalk42",
"name": "Daniele",
"email": "<mailto:GateAdmin@admin.com|GateAdmin@admin.com>",
"company": {
"name": "Air Canada",
"id": "cja5pfodm00ow01489pvn2gwn"
}
}
]
}
}I've loggedin as
<mailto:GateAdmin@admin.com|GateAdmin@admin.com>and I'm receiving instead:
{
"data": {
"allCompanies": [
{
"id": "cja5f6uh400vc0148jowhza3i",
"name": "Iberia",
"color": "#fd272f",
"__typename": "Company"
},
{
"id": "cja5pfodm00ow01489pvn2gwn",
"name": "Air Canada",
"color": "#ee2c30",
"__typename": "Company"
}
]
}
}@agartha
a
agartha
11/25/2017, 3:33 PMAnd they belong to a different organization?
d
daniele
11/25/2017, 3:33 PMSi I give you the other queries as well
{
"data": {
"allOrganizations": [
{
"id": "cja5f3h1j00v001489mtj7s81",
"name": "IAG"
},
{
"id": "cja5f3pl300v40148fu0xb1n1",
"name": "Gate Gourmet"
}
]
}
}{
"data": {
"allCompanies": [
{
"name": "Iberia",
"organization": {
"name": "IAG"
}
},
{
"name": "Air Canada",
"organization": {
"name": "Gate Gourmet"
}
}
]
}
}{
"data": {
"allUsers": [
{
"id": "cja5p7jqj00n401489881zjsh",
"name": "Daniele",
"email": "<mailto:superAdmin@admin.com|superAdmin@admin.com>",
"company": null
},
{
"id": "cja5pc1eb00oa0148jt5c8ehv",
"name": "Daniele",
"email": "<mailto:IAGAdmin@admin.com|IAGAdmin@admin.com>",
"company": {
"name": "Iberia",
"id": "cja5f6uh400vc0148jowhza3i"
}
},
{
"id": "cja5pc9a600ok0148nhtalk42",
"name": "Daniele",
"email": "<mailto:GateAdmin@admin.com|GateAdmin@admin.com>",
"company": {
"name": "Air Canada",
"id": "cja5pfodm00ow01489pvn2gwn"
}
}
]
}
}it's enough?
my schema:
a
agartha
11/25/2017, 3:36 PMDid you deploy your changes?
d
daniele
11/25/2017, 3:36 PMI did
permissions:
- operation: 'Company.read'
authenticated: true
query: src/permissions/Company.graphql:RetrieveCompanyDataquery RetrieveCompanyData($user_id: ID!) {
SomeCompanyExists(filter:
{
organization: {
companies_some: {
users_some: {
id: $user_id
}
}
}
}
)
}Permissions
Wildcard Permission
- The wildcard permission for all types is removed.
Here are your GraphQL Endpoints:
Simple API: <http://localhost:60000/simple/v1/cj9n8k2ua00040148cpfxjp6p>
Relay API: <http://localhost:60000/relay/v1/cj9n8k2ua00040148cpfxjp6p>
Subscriptions API: <ws://localhost:60000/subscriptions/v1/cj9n8k2ua00040148cpfxjp6p>a
agartha
11/25/2017, 3:40 PMOw wait
The permission query is wrong after all
query RetrieveCompanyData($user_id: ID!, $node_id: ID!) {
SomeCompanyExists(filter:
{
id: $node_id
organization: {
companies_some: {
users_some: {
id: $user_id
}
}
}
}
)
}The previous permission query was always true, sorry...
d
daniele
11/25/2017, 3:47 PMwell now is always false
{
"data": null,
"errors": [
{
"locations": [
{
"line": 3,
"column": 5
}
],
"path": [
"allCompanies",
1,
"id"
],
"code": 3008,
"message": "Insufficient Permissions",
"requestId": "eu-west-1:simple:cjafidkc201vo0148gbdjp84z"
},
{
"locations": [
{
"line": 4,
"column": 5
}
],
"path": [
"allCompanies",
1,
"name"
],
"code": 3008,
"message": "Insufficient Permissions",
"requestId": "eu-west-1:simple:cjafidkc201vo0148gbdjp84z"
},
{
"locations": [
{
"line": 5,
"column": 5
}
],
"path": [
"allCompanies",
1,
"color"
],
"code": 3008,
"message": "Insufficient Permissions",
"requestId": "eu-west-1:simple:cjafidkc201vo0148gbdjp84z"
}
]
}@agartha
@nilan CC ( I replied on the forum as well)
@nilan I posted all the info that you asked
a
agartha
11/25/2017, 4:13 PM@nilan and I both came to the same conclusion about adding the id filter. I have no idea why it isn't returning any data now
d
daniele
11/25/2017, 4:16 PMI don't know what to say... I shared all my schema and data
and I added
- operation: 'Organization.read'
authenticated: truein case was that one the problem
but nothing
hi @nilan I replied to your questions on the forum ... I still stuck and no idea what is caused what https://www.graph.cool/forum/t/filter-companies-by-organizations/1713