Can someone sanity check this permission query for...
# prisma-whats-newm
mwickett
09/26/2017, 2:27 PMCan someone sanity check this permission query for me - should allow either the owner of a credit OR a user with the Admin role to (in this case) read the Credit record
Copy code
query ($node_id: ID!, $user_id: ID!) {
SomeCreditExists(
filter: {
id: $node_id
user: {
OR: [{
id: $user_id
}, {
role: Admin
}]
}
})
}n
nilan
09/26/2017, 2:37 PMthis does not allow every admin access, only if they are the owner 🙂
m
mwickett
09/26/2017, 2:38 PMahh
mwickett
09/26/2017, 2:39 PMBetter to create a separate rule?
n
nilan
09/26/2017, 2:40 PMif you start with SomeUserExists, you can express it in one query
m
mwickett
09/26/2017, 2:41 PMThanks
mwickett
09/26/2017, 2:44 PMSomething like this:
Copy code
query ($node_id: ID!, $user_id: ID!) {
SomeUserExists(
filter: {
OR: [{
id: $user_id
role: Admin
}, {
id: $user_id
jobs_some: {
id: $node_id
}
}]
}
)
}mwickett
09/26/2017, 2:45 PMEither the userId has admin role, or the the node belongs to the user?
n
nilan
09/26/2017, 2:45 PMya! you can even pull out the user_id into the implicit AND
m
mwickett
09/26/2017, 2:46 PMRight! DRY 🙂
mwickett
09/26/2017, 2:49 PMJust to confirm I understood that:
Copy code
query ($user_id: ID!, $node_id: ID!) {
SomeUserExists(
filter: {
id: $user_id
OR: [{
role: Admin
}, {
jobs_some: {
id: $node_id
}
}]
}
)
}👌 1
p
pcooney10
09/27/2017, 3:03 PMHey @nilan, I had a similar question with the
ORORpcooney10
09/27/2017, 3:04 PMI created a question on the forum: https://www.graph.cool/forum/t/query-with-multiple-or-filters/1055 🙂
2 Views