4

I have followed the steps of setting up the Introduction Project at https://www.graph.cool/. In the permissions section for the project I can see and edit the permissions for e.g. Posts:

Graphcool permissions for Posts

When clicking the row that shows that Everyone can Edit Data for a Post, a dialogue appears. There I am able to edit the permission so that only authenticated users may edit posts:

Update permissions for editing Posts

However, how can I make a rule so that users can only edit their own posts, and not posts created by other users?

ArneHugo

1 Answer

5

Your question is perfectly timed :-) Yesterday Graphcool released a new advanced permission system based on GraphQL queries that allow you to declare arbitrary permission rules based on relations in your data.

Restricting UPDATE permissions to the owner of a post is a trivial example (code below), but I'll encourage you to take a look at the documentation and start thinking about how this feature can help you implement more complex permission rules.

Restricting edits of a post to the author

query ($node_id: ID!, $user_id: ID!) {
  SomePostExists(filter:{
    id: $node_id,
    author: {id: $user_id}
  })
}

Documentation

https://www.graph.cool/blog/2017-04-25-graphql-permission-queries-oolooch8oh/

https://www.graph.cool/docs/tutorials/authorization-content-management-system-miesho4goo/

sorenbs
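The difference between the two rules discussed above, as an added example that is not part of the original answer and is not Graphcool's implementation: a small Python model of the `SomePostExists` filter over constructed posts, comparing the authenticated-only rule from the question with the owner-only permission query. The sample data, the function names and the choice to treat a null `$user_id` as never matching are assumptions of this model.

```python
# Constructed sample data (not from the original page).
POSTS = [
    {"id": "post-1", "title": "Hello", "author": {"id": "user-a"}},
    {"id": "post-2", "title": "World", "author": {"id": "user-b"}},
    {"id": "post-3", "title": "Orphan", "author": None},  # no author relation
]


def matches(node, flt):
    """True if the node satisfies every filter key; a nested dict filters a relation."""
    if not isinstance(node, dict):
        return False  # missing relation: nothing to match against
    for key, expected in flt.items():
        actual = node.get(key)
        if isinstance(expected, dict):
            if not matches(actual, expected):
                return False
        elif expected is None or actual != expected:
            # Assumption: a null variable (unauthenticated caller) never matches.
            return False
    return True


def some_post_exists(flt):
    """Model of SomePostExists(filter: ...): does any Post satisfy the filter?"""
    return any(matches(post, flt) for post in POSTS)


def authenticated_only(node_id, user_id):
    """The rule from the question: any logged-in user may edit any post."""
    return user_id is not None


def owner_only(node_id, user_id):
    """The permission query from the answer, using the same two variables."""
    return some_post_exists({"id": node_id, "author": {"id": user_id}})


if __name__ == "__main__":
    for node_id, user_id in [("post-1", "user-a"), ("post-1", "user-b"),
                             ("post-3", None), ("missing", "user-a")]:
        print(node_id, user_id,
              "authenticated_only:", authenticated_only(node_id, user_id),
              "owner_only:", owner_only(node_id, user_id))
```

The second row is the case the question asks about: `user-b` passes the authenticated-only rule for `post-1` but is rejected by the owner-only query.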