You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now a role can have a check and permissions associated with the check.
What I was wondering, is if it would be possible to have multiple sequential checks and permissions.
Let me describe a use case. I will try to simplify it for this particular Github issue.
products
---
id
name
price
components
resellers []
company_id
components
----
id
name
product_id
resellers
---
product_id
reseller_company_id
The idea is that companies (supplier) can create a product. And give that product as a component to another company (reseller). This other company (reseller) will get the product as a component and can use it, and other components, to build a new product.
So, when a company (reseller) views its own products, it will doing a query like this:
products { <-- lets view my products
name
price
components { <-- lets see all my components for this products
product { <-- lets see what my supplier is naming this product
name
}
}
}
Now, You might want to create a permissions for this. But it is very hard. Maybe impossible, with the current Hasura. My first try:
{
_or: [{
company_id: { _eq: x-hasura-company-id} <-- I want to be able to see my products
}, {
resellers {
reseller_company_id: { _eq: x-hasura-company-id } <-- I also want to see some information about proucts of my components
}
}]
}
Then the permissions. Errrr. For the first check company_id: { _eq: x-hasura-company-id} I want to see everything.
For the seconds check resellers { reseller_company_id: { _eq: x-hasura-company-id }} I want to only be able to see some limited information (ex name).
Solution (discussion starter)
Lets say you would be able to make multiple sequential checks/permissions. Like this:
After some thought and discussion on Discord I figured this wont work.
Let me give you a bit more context,
products { <-- I am an owner, Check #1 OK
name
price
components {
product { <-- I am a reseller, Check #1 fails, Check #2 OK
name
}
}
}
What do you expect to see in the case where you are owner for few products and reseller for others?
Instead I will create a view with the 'private' data for a product and make check/permissions to it instead.
Right now a role can have a check and permissions associated with the check.
What I was wondering, is if it would be possible to have multiple sequential checks and permissions.
Let me describe a use case. I will try to simplify it for this particular Github issue.
The idea is that companies (supplier) can create a product. And give that product as a component to another company (reseller). This other company (reseller) will get the product as a component and can use it, and other components, to build a new product.
So, when a company (reseller) views its own products, it will doing a query like this:
Now, You might want to create a permissions for this. But it is very hard. Maybe impossible, with the current Hasura. My first try:
Then the permissions. Errrr. For the first check
company_id: { _eq: x-hasura-company-id}
I want to see everything.For the seconds check
resellers { reseller_company_id: { _eq: x-hasura-company-id }}
I want to only be able to see some limited information (ex name).Solution (discussion starter)
Lets say you would be able to make multiple sequential checks/permissions. Like this:
check/permission #1
Allow to see everything
check/permission #2
Allow to see
name
onlyThis is the query I am making:
Would this be possible and suitable?
Thanks
The text was updated successfully, but these errors were encountered: