```query ($input_courseId: ID!, $user_id: ID!) {
...
# prisma-whats-newl
lastmjs
09/05/2017, 11:48 PM Copy code
query ($input_courseId: ID!, $user_id: ID!) {
SomeUserExists(
filter: {
id: $user_id,
OR: [{
ownedCourses_some: {
id: $input_courseId
}
},
{
role:ADMIN
}]
}
)
}j
juancjara
09/06/2017, 12:42 AMIs this query on a .graphql file?
l
lastmjs
09/06/2017, 2:24 AMNo, it is a permission query entered into the web GUI
d
dankent
09/06/2017, 3:16 PMI can replicate this behaviour using your permission query and (I assume) a similar schema
dankent
09/06/2017, 3:18 PMwhat type and operation are you putting the permission on?
l
lastmjs
09/06/2017, 3:19 PMHere's the type:
Copy code
type Assignment implements Node {
id: ID! @isUnique
createdAt: DateTime!
updatedAt: DateTime!
title: String!
course: Course @relation(name: "CourseOnAssignment")
author: User! @relation(name: "AuthorOnAssignment")
questions: [Question!]! @relation(name: "AssignmentQuestions")
questionType: QuestionType! @defaultValue(value: MULTIPLE_CHOICE)
concepts: [Concept!]! @relation(name: "AssignmentOnConcepts")
quiz: Quiz @relation(name: "AssignmentOnQuiz")
numCreateQuestions: Int! @defaultValue(value: 1)
numReviewQuestions: Int! @defaultValue(value: 3)
numResponseQuestions: Int! @defaultValue(value: 10)
numGradeResponses: Int! @defaultValue(value: 3)
}d
dankent
09/06/2017, 3:19 PMwhich operation are you putting the permission query on Create?
l
lastmjs
09/06/2017, 3:20 PMI believe so, I'm trying to make sure that was it
lastmjs
09/06/2017, 3:21 PMYes, create
lastmjs
09/06/2017, 3:22 PMThe same behavior as explained happens. I put in the first query, update the permission, then when I go to look at it it has the second strange query that has errors in the GUI
lastmjs
09/06/2017, 3:22 PMThanks for helping!
d
dankent
09/06/2017, 3:24 PMI can confirm that I get the same behaviour - no apparent error in the query but then after saving it, reopening it shows a broken version.
dankent
09/06/2017, 3:25 PMSo I think you have definitely found a bug
l
lastmjs
09/06/2017, 3:25 PMExcellent...kind of
d
dankent
09/06/2017, 3:27 PMThe right place to report bugs to the graph.cool team is here: https://github.com/graphcool/api-bugs/issues
dankent
09/06/2017, 3:27 PMBut in the meantime you need a workaround...
l
lastmjs
09/06/2017, 3:27 PMYes, definitely
d
dankent
09/06/2017, 3:33 PMYou could do a permission on the AssignMent-Course relationship rather than the creation of the Assignment. Something like: query ($user_id: ID!, $courseCourse_id: ID!) {
SomeUserExists(
filter: {
id: $user_id,
OR: [{
ownedCourses_some: {
id: $courseCourse_id
}
},
{
role:ADMIN
}]
}
)
}
dankent
09/06/2017, 3:34 PMI think this would cause a create of an Assignment to fail if the user was not an admin and was not the owner of the course
l
lastmjs
09/06/2017, 3:34 PMI'll take a look at this, thank you
d
dankent
09/06/2017, 3:36 PMAnd if you used this on both Connect and Disconnect for the relationship, users would also be prevented from moving assignments away from courses they did not own (as the disconnect permission would fail)
dankent
09/06/2017, 3:36 PMPermissions on Types (e.g. update) are not triggered when only a relationship changes, so you would probably want a permission on the relationship in any case
👍 1
l
lastmjs
09/06/2017, 3:57 PMI've got some good news. If I can generalize the experience I just had, it looks like the permission still works after saving it, it's just the GUI that displays the permission query incorrectly