# prisma-whats-new
r
I've found examples where permissions allow auth users to create, but anyone who is authorised can read the document
t
you need to add a line to your `graphcool.yml` like this:
```yaml
permissions:
- operation: User.read
  authenticated: true
```
where `User` is the name of the type you want to set read permissions to
p
so you want authorized or authenticated user to read the document?
r
I want the user who created the document to be the only one who can read the document.
i.e. `authenticated: true` allows ALL authed users to read.
which is too open for my needs.
p
authentication means that you know who that person is
authorization means you decide what she/he can do
two different concepts
now you need to create a permission query, which is basically a filter
```graphql
query ($node_id: ID!, $user_id: ID!) {
  SomeDocumentExists(
    filter: {
      id: $node_id,
      createdBy: {
        id: $user_id
      }
    }
  )
}
```
more or less like that
assuming you're using builtin system type `User`
field `createdBy` is of type `User`
query above
a
Isn't this just client-side restrictions?
p
this is executed inside GC so it's server side