I have a type that for some users have no nodes. R...
# prisma-whats-newv
valein
09/05/2017, 3:31 PMI have a type that for some users have no nodes. Running a query on this node for those users yields me an "Insufficient Permissions" error instead of an empty array. Is this expected behaviour or is my permission query the culprit?
Read permission query for the Company type, applied on all fields:
Copy code
query ($user_id: ID!, $node_id: ID!) {
SomeCompanyExists(
filter: {
id: $node_id,
owner: {
id: $user_id
}
}
)
}d
dankent
09/05/2017, 3:48 PMI don't get that behaviour
dankent
09/05/2017, 3:48 PMSchema:
dankent
09/05/2017, 3:48 PMtype Company implements Node {
createdAt: DateTime!
dummy: String!
id: ID! @isUnique
owner: User @relation(name: "CompanyOnUser")
updatedAt: DateTime!
}
dankent
09/05/2017, 3:48 PMPermission query:
dankent
09/05/2017, 3:48 PMquery ($node_id: ID!, $user_id: ID!) {
SomeCompanyExists(
filter: {
id: $node_id,
owner: {
id: $user_id
}
}
)
}
dankent
09/05/2017, 3:49 PMQuery:
dankent
09/05/2017, 3:49 PMquery{
allUsers{
id
companies{
id
dummy
}
}
}
dankent
09/05/2017, 3:49 PMResult:
dankent
09/05/2017, 3:49 PM Copy code
{
"data": {
"allUsers": [
{
"id": "cj7085lpl8szi0143vvmf14yw",
"companies": []
},
{
"id": "cj7086klwduv60131gyv4ytd3",
"companies": []
}
]
}
}dankent
09/05/2017, 3:50 PMI get the same result whether I run the query as admin or as a user
dankent
09/05/2017, 3:50 PMWhat does your query look like?
v
valein
09/05/2017, 4:22 PMmy query looks like:
Copy code
query {
allCompanies {
id
name
}
}d
dankent
09/05/2017, 4:35 PMAh, that would explain why you are getting the permission error then
dankent
09/05/2017, 4:36 PMYour permission query for reading a company requires there to be a user there
dankent
09/05/2017, 4:36 PMbut you are trying to query for companies that have no user
dankent
09/05/2017, 4:37 PMyou will have to chage your permission query, add anotehr permission for this situation or filter out the companies with no owner in your query
dankent
09/05/2017, 4:37 PMI'm a bit confused though - you said you expected to get an empty array back from your query. Why are you expecting allCompanies to return an empty array when you have some companies?
dankent
09/05/2017, 4:38 PMor are you epxecting only those the user has permission on to be returned?
dankent
09/05/2017, 4:39 PMIf so, permissions dont work like that - they don't filter results for you automatically. You have to make sure only things that are allowed are requested (e.g. by using a filter)
dankent
09/05/2017, 4:39 PMfor example, in this situation, the only companies the user is allowed to see are those that they own, so why not just query for that:
dankent
09/05/2017, 4:40 PMquery{
user{
companies{
id
dummy
}
}
}
v
valein
09/05/2017, 7:29 PMSorry, been away for a while taking care of life in general (& family). That is correct, I assumed I could use the permission system to only get the company nodes belonging to the logged user. I'll use the user query instead, just as you suggest. Thank you for your time! Much appreciated