Hello Just a little question about permissions format into ` Prisma #prisma-whats-new

Hello! Just a little question about permissions f...

fabien0102

10/17/2017, 9:31 AM

Hello! Just a little question about permissions format into

graphcool.yml

Copy code

permissions:
  # User
- operation: User.create
- operation: User.delete
  authentificate: true
- operation: User.update
  authentificate: true
- operation: User.read
  authentificate: true

Can I use any wildcard notation to shorter this?

nikolasburk

10/17/2017, 9:33 AM

User.*

should work

nikolasburk

10/17/2017, 9:33 AM

ah actually no, since

User.create

doesn’t require authentication

fabien0102

10/17/2017, 9:33 AM

Good! Any order issue?

nikolasburk

10/17/2017, 9:34 AM

(also it’s

authenticated

, not

authentificate

🙂 )

fabien0102

10/17/2017, 9:34 AM

(thank for the misspelled ^^)

fabien0102

10/17/2017, 9:36 AM

Copy code

- operation: User.create
- operation: User.*
  authenticated: true

Copy code

- operation: User.*
- operation: User.create
  authenticated: true

fabien0102

10/17/2017, 9:36 AM

I don't know the override rules

fabien0102

10/17/2017, 9:36 AM

or nothing will work in this case ?

fabien0102

10/17/2017, 9:47 AM

The second pattern make the most sense to me, but I really don't know if graphcool understand this kind of rules 🙂

fabien0102

10/17/2017, 9:47 AM

But maybe I will just make my own tests 😉

fabien0102

10/17/2017, 9:53 AM

BTW, any graphcool tools to test easily policies?

nikolasburk

10/17/2017, 10:00 AM

yes, we just added support for permission queries to GraphQL Playground: https://docs-next.graph.cool/reference/auth/authorization/permission-queries-iox3aqu0ee#writing-permission-queries-in-a-graphql-playground 🙂

fabien0102

10/17/2017, 10:01 AM

👍

nikolasburk

10/17/2017, 10:01 AM

also: I was wrong,

User.*

is actually not available at the moment! sorry for the wrong info, it’ll come soon but is currently not implemented! so I think you have to stick to your initial version, spelling out all permissions explicitly. 😐 again, sorry for the false info!

fabien0102

10/17/2017, 10:02 AM

It can explain my issue ^^

× unhandled error: Wrong operation defined for ModelPermission. You supplied: '*'

fabien0102

10/17/2017, 10:02 AM

Thank 😉

fabien0102

10/17/2017, 10:04 AM

When I see "wildcard" into the template message about policies, my first try was to do some

User.*

, maybe you can add a warning waiting for the full wildcard implementation 😉

fabien0102

10/17/2017, 10:09 AM

@nikolasburk Do you know how the rules are override. Basically, can I write something like think?

Copy code

- operation: *
- operation: User.create
  authenticated: true

Classic blacklist pattern in this case

nikolasburk

10/17/2017, 10:12 AM

no that doesn’t work. in this card, the

"*"

will override everything else

fabien0102

10/17/2017, 10:13 AM

Ok 😉

fabien0102

10/17/2017, 10:14 AM

So, it's just a white list pattern, cool 🙂

👍 1

fabien0102

10/17/2017, 10:14 AM

Thanks for your time

🙏 1

2 Views

Open in Slack

Previous Next