Attempting to insert with an on_conflict ignores mutation fails without modify permission #8260

Closed
sproctor opened this issue Feb 28, 2022 · 2 comments
Labels: a/authz (Issues related to "authorization" and the policy engine after session claims are processed), ds-ten, k/bug (Something isn't working)

Version Information

Server Version: 2.2.0

Environment

OSS

What is the expected behaviour?

https://hasura.io/docs/latest/graphql/core/databases/postgres/mutations/upsert.html#ignore-request-on-conflict

I expect that behavior to happen even when the user does not have access to modify the data.

Keywords

ignore insert on_conflict

What is the current behaviour?

Gives the error: "insert_XXX" has no argument named "on_conflict"

How to reproduce the issue?

Give insert, but not modify permission on author.

Send a mutation query like:

mutation upsert_author {
  insert_author(
    objects: [
      { name: "John" }
    ],
    on_conflict: {
      constraint: author_name_key,
      update_columns: []
    }
  ) {
    affected_rows
  }
}

Get the above error.

sproctor added the k/bug (Something isn't working) label Feb 28, 2022
rikinsk added the a/authz (Issues related to "authorization" and the policy engine after session claims are processed) label Feb 28, 2022
sassela added the ds-ten label Apr 6, 2022
plcplc changed the title from "Attempting to insert with an on_conflict ignore mutation fails without modify permission" to "Attempting to insert with an on_conflict ignores mutation fails without modify permission" Apr 25, 2022

plcplc commented Apr 25, 2022

@sproctor: Thanks for reporting this issue.

Does your use case include select permissions on the table?

@plcplc plcplc self-assigned this Apr 25, 2022

plcplc commented Jun 13, 2022

This should now be fixed in 3e33fd6.
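
The error reported in this issue is a schema validation error: the `on_conflict` argument is not present in the schema served to that role. As an added example (not part of the original issue and not Hasura's code), the Python below reads a saved GraphQL introspection result for one role and reports which `insert_*` mutations accept `on_conflict`. The sample JSON, the `article` table and the function names are constructed for illustration.

```python
import json

# Constructed sample: a trimmed introspection result in the standard GraphQL
# `__schema` shape, for a hypothetical role with insert-only access to
# `author` and insert + update access to a hypothetical `article` table.
SAMPLE_INTROSPECTION = json.loads("""
{"data": {"__schema": {
  "mutationType": {"name": "mutation_root"},
  "types": [
    {"kind": "OBJECT", "name": "mutation_root", "fields": [
      {"name": "insert_author", "args": [{"name": "objects"}]},
      {"name": "insert_author_one", "args": [{"name": "object"}]},
      {"name": "insert_article",
       "args": [{"name": "objects"}, {"name": "on_conflict"}]},
      {"name": "delete_article", "args": [{"name": "where"}]}
    ]},
    {"kind": "OBJECT", "name": "query_root", "fields": []}
  ]}}}
""")


def mutation_fields(introspection):
    """Return the field list of the schema's root mutation type ([] if none)."""
    schema = introspection.get("data", introspection)["__schema"]
    root = (schema.get("mutationType") or {}).get("name")
    for t in schema.get("types", []):
        if t.get("name") == root:
            return t.get("fields") or []
    return []


def upsert_support(introspection, prefix="insert_", arg="on_conflict"):
    """Map each insert mutation name to whether it accepts `on_conflict`."""
    report = {}
    for field in mutation_fields(introspection):
        if field["name"].startswith(prefix):
            names = {a["name"] for a in field.get("args") or []}
            report[field["name"]] = arg in names
    return report


if __name__ == "__main__":
    for name, ok in sorted(upsert_support(SAMPLE_INTROSPECTION).items()):
        print(f"{name}: on_conflict {'exposed' if ok else 'MISSING'}")
```

Running the same check against introspection results captured per role before and after a server upgrade shows whether the arguments exposed to each role changed.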
