You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm working with Hasura GraphQL and facing issues in setting complex permission rules in a multi-user system with CUSTOMER, SHARE, and VIDEO tables. The challenge is to allow a user (User A) to grant another user (User B) specific access rights (e.g., READ access) to the VIDEO table. User B should be able to query VIDEO data using User A's customer_id after access is given. I'm using a single role called 'user'.
Table share {
customer_id_owner
customer_id_collaborator
customer access
video access
}
Table customer {
id varchar
first_name
last_name
}
Table video {
id varchar
customer_id varchar
camera_id varchar
}
enum access {
NONE
READ
WRITE
}
The issue is the rule isn't working as expected. I want an OR logic where:
User A queries their data based on their customer_id.
User B queries VIDEO table data based on permissions in the SHARE table, where customer_id_collaborator matches X-Hasura-User-Id and customer_id_owner is linked to customer_id in the VIDEO table.
I'm uncertain about correctly referencing the customer_id in the VIDEO table in the _exists subquery and seek a better approach for this permission logic.
Questions:
How can I correctly structure this permission rule to meet the requirements?
Is there a more efficient way to implement complex permission logic in Hasura?
Any advice or suggestions from the community would be highly valuable.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I'm working with Hasura GraphQL and facing issues in setting complex permission rules in a multi-user system with CUSTOMER, SHARE, and VIDEO tables. The challenge is to allow a user (User A) to grant another user (User B) specific access rights (e.g., READ access) to the VIDEO table. User B should be able to query VIDEO data using User A's customer_id after access is given. I'm using a single role called 'user'.
My current permission rule is:
The schema is:
The issue is the rule isn't working as expected. I want an OR logic where:
I'm uncertain about correctly referencing the customer_id in the VIDEO table in the _exists subquery and seek a better approach for this permission logic.
Questions:
Any advice or suggestions from the community would be highly valuable.
Beta Was this translation helpful? Give feedback.
All reactions