
Here's the thing. I have the 3 tables depicted here:


People on my application can place orders. Then, I want

  • a user with rex permission to see all the orders table's rows
  • a user with delivery permission to only see the rows of the orders table that have the zip column set to the delivery user's zip

From the orders table, I can get for each order a zip. With the table zip_user, I can get a user_id out of a zip. Out of that user_id, I can get the delivery user from the users table.

While it is trivial to get the rex to see all of the orders table, I have not yet been able to configure the permissions for the delivery user. What do I need to do?

In other words, given the user performing a select on the orders table has x-hasura-user-id set to some user id and x-hasura-role set to delivery, how does that user get only the rows from the orders table that match with the zips associated with that user's user_id?

Laurent Michel

1 Answer


Hasura has the concept of relations. If you have foreign keys, it makes the relations automatically; if not, you can make them yourself in the UI. Once the relationships have been set up, you will be able to set deep permissions, so on the orders table, you'll be able to use users.id.

Start here: https://hasura.io/docs/1.0/graphql/manual/schema/relationships/index.html

rollingBalls
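A sketch of the row-level permission the answer describes, written as a Hasura v1 metadata entry for the orders table. It is an added example, not part of the original question or answer. It assumes the tables live in the `public` schema and uses a hypothetical relationship name, `zip_users`; it filters on `zip_user.user_id` directly, which needs only one relationship instead of continuing on to `users.id`.

```yaml
# Added example: metadata entry for the orders table (Hasura v1 tables.yaml shape).
# Assumptions: schema "public"; relationship name "zip_users" is made up here;
# column names zip and user_id are taken from the question.
- table:
    schema: public
    name: orders
  array_relationships:
  # Manual relationship orders.zip -> zip_user.zip. An array relationship is
  # used so the rule still holds if several users ever share one zip.
  - name: zip_users
    using:
      manual_configuration:
        remote_table:
          schema: public
          name: zip_user
        column_mapping:
          zip: zip
  select_permissions:
  # rex: an empty filter matches every row.
  - role: rex
    permission:
      columns: '*'
      filter: {}
  # delivery: a row is visible only if at least one zip_user row with the
  # same zip belongs to the caller. X-Hasura-User-Id is resolved from the
  # session variables of the request, not from the query itself.
  - role: delivery
    permission:
      columns: '*'
      filter:
        zip_users:
          user_id:
            _eq: X-Hasura-User-Id
```

The filter is only as trustworthy as the session variables behind it: `x-hasura-role` and `x-hasura-user-id` should be derived from the verified JWT or the auth webhook, never accepted as plain headers from the client.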