Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple sequential checks/permissions for each role #2605

Closed
elitan opened this issue Jul 26, 2019 · 1 comment
Closed

Multiple sequential checks/permissions for each role #2605

elitan opened this issue Jul 26, 2019 · 1 comment

Comments

@elitan
Copy link
Contributor

elitan commented Jul 26, 2019

Right now a role can have a check and permissions associated with the check.

What I was wondering, is if it would be possible to have multiple sequential checks and permissions.

Let me describe a use case. I will try to simplify it for this particular Github issue.

products
---
id
name
price
components
resellers []
company_id

components
----
id
name
product_id

resellers
---
product_id
reseller_company_id

The idea is that companies (supplier) can create a product. And give that product as a component to another company (reseller). This other company (reseller) will get the product as a component and can use it, and other components, to build a new product.

So, when a company (reseller) views its own products, it will doing a query like this:

products { <-- lets view my products
  name
  price
  components { <-- lets see all my components for this products
    product {  <-- lets see what my supplier is naming this product
      name
    }
  }
}

Now, You might want to create a permissions for this. But it is very hard. Maybe impossible, with the current Hasura. My first try:

{
  _or: [{
    company_id: { _eq: x-hasura-company-id} <-- I want to be able to see my products

  }, {
    resellers {
      reseller_company_id: { _eq: x-hasura-company-id } <-- I also want to see some information about proucts of my components
    }
  }]
}

Then the permissions. Errrr. For the first check company_id: { _eq: x-hasura-company-id} I want to see everything.
For the seconds check resellers { reseller_company_id: { _eq: x-hasura-company-id }} I want to only be able to see some limited information (ex name).

Solution (discussion starter)

Lets say you would be able to make multiple sequential checks/permissions. Like this:

check/permission #1

{
  company_id: { _eq: x-hasura-company-id}
}

Allow to see everything

check/permission #2

{
  resellers {
    reseller_company_id: { _eq: x-hasura-company-id }
  }
}

Allow to see name only

This is the query I am making:

products { <-- I am an owner, Check #1 OK
  name
  price
  components {
    product {  <-- I am a reseller, Check #1 fails, Check #2 OK
      name
    }
  }
}

Would this be possible and suitable?

Thanks
@elitan elitan changed the title Multiple checks with individual permissions for same role Multiple sequential checks/permissions for each role Jul 26, 2019
@elitan
Copy link
Contributor Author

elitan commented Jul 26, 2019

After some thought and discussion on Discord I figured this wont work.

Let me give you a bit more context, 
products { <-- I am an owner, Check #1 OK
  name
  price
  components {
    product {  <-- I am a reseller, Check #1 fails, Check #2 OK
      name
    }
  }
}

What do you expect to see in the case where you are owner for few products and reseller for others?

Instead I will create a view with the 'private' data for a product and make check/permissions to it instead.

@elitan elitan closed this as completed Jul 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@elitan