Title
g

gmuresan

08/31/2017, 4:24 PM
I think I found a bug. I’m trying to completely overwrite a one to many relation with a new array of IDs but it keeps telling me that I don’t have sufficient permissions If I remove the permission query from that permission object, then the mutation works
d

dankent

08/31/2017, 4:27 PM
What permission is the permission query on and what does it allow?
g

gmuresan

08/31/2017, 4:28 PM
I only have 3 scalar fields on that node, and I’m not trying to edit any of the scalar fields
query ($node_id: ID!, $user_id: ID!) {
  SomeModelExists(
    filter: {
      id: $node_id
      clientCompany:{
        user:{
          id:$user_id
        }
      }
    }
  )
}
this is the permission query
d

dankent

08/31/2017, 4:28 PM
so the permission query is on the node rather than the relationship?
g

gmuresan

08/31/2017, 4:29 PM
I am trying to edit a one to many relation by completely overwriting all the ids in the relation
thats correct
but my relation permissions are all unrestricted
d

dankent

08/31/2017, 4:30 PM
is the permission query applied to the whole type or just to the specific scalar fields?
g

gmuresan

08/31/2017, 4:30 PM
and when I add a new permission on that node with none of the scalar fields selected, and no permission query enabled, then my mutation works
I sent you a screenshot of the permissions
it only works when I enable the one at the bottom
Ive tried every combination of selecting fields and the only thing that solves this issue is disabling the permission query
d

dankent

08/31/2017, 4:35 PM
Is clientCompany the relationship you are overwriting in the mutation?
g

gmuresan

08/31/2017, 4:40 PM
no its called selectedProjects
theres no reference to it anywhere in the permission
n

nilan

08/31/2017, 4:43 PM
how does your mutation look like?
g

gmuresan

08/31/2017, 4:43 PM
mutation setModelSelectedProjects($modelId: ID!, $projectIds: [ID!]) {
  updateModel(id: $modelId, selectedProjectsIds: $projectIds) {
    id
    __typename
  }
}
{
  "data": {
    "updateModel": null
  },
  "errors": [
    {
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "updateModel"
      ],
      "code": 3008,
      "message": "Insufficient permissions for this mutation",
      "requestId": "eu-west-1:simple:cj70o67gy756q0161hcile3bq"
    }
  ]
}
d

dankent

08/31/2017, 4:47 PM
I can replicate the behaviour you are seeing with a similar schema and update permissions query on the Model type
g

gmuresan

08/31/2017, 4:51 PM
Are there any open bug reports related to this?
n

nilan

08/31/2017, 4:51 PM
This sounds like a more complicated setup to run into this unintuitive behaviour documented here: https://github.com/graphcool/feature-requests/issues/245
@dankent can you pm me your project id and send me a mutation that reproduces this behaviour?
d

dankent

08/31/2017, 4:59 PM
Will do now
n

nilan

08/31/2017, 5:29 PM
thanks for your help, I created this bug report: https://github.com/graphcool/api-bugs/issues/250