https://www.prisma.io/ logo
Join SlackCommunities
Powered by
Hey everyone, I have a bit of an elementary quest...
# orm-help
j
Hey everyone, I have a bit of an elementary question here. I have an app where you can signup, and then create a property. the /properties page is a list of all the properties you have created. My issue is now is all of these properties are visible to every user (whether or not they created the property or not). How do I only display properties that were created by that user? Is there a common pattern for this anywhere? I created the connection in my resolver, so the database is aware of which properties belong to who. Any tips would be great šŸ™‚
h
You will require to add Authorization. Here is a tutorial for that: https://www.prisma.io/tutorials/graphql-rest-authentication-authorization-basics-ct20/
d
Just scope the returned results in your resolvers from the currentUser via context (Typically a JWT token to find CurrentUser)
j
Thankfully I already have JWT set up. So the logic needs to be set up in my resolver then?
h
you can use graphql-shield for this
d
@Jon I typically just create a method in my auth class that will return the current user or throw auth error, so in any resolver you need protected and scoped just call this method first.
I keep this code in the same Auth class that issued the token
Copy code
async currentUser(ctx) {
		const user = await ctx.db.user({ id: this.getUserId(ctx) })
		if (!user) {
			throw new AuthError()
		} else {
			return user
		}
	},
But this project looks very cool as well
j
@dan Thank you so much for helping me out! Iā€™m gonna look into graphql-shield and see if its an easy drop in to solve my problem. Otherwise your method looks pretty straight forward as well. Thanks again šŸ™‚
d
Im going to be taking a look as well. But at the end of the day thats all you need.
For simple applications at least
3 Views
Open in Slack
PreviousNext
Powered by