1

I have a mutation. How can I create a permission in Hasura using variables in the GraphQL query?

E.g.:

mutation MyMutation($name:String!) {
  insert_post(objects: {name:$name}){
    name
  }
}

How can I use the name variable in the permission?

reymon359

2 Answers

0

It's me on Discord.

Just in case somebody has the same question: currently, Hasura doesn't support checking permissions against user input values. It only accepts values from session variables like x-hasura-user-id, etc.

But I think Hasura's approach is correct in not allowing permissions to be set based on user input.

If my answer is wrong, please correct me, thanks.

ShinaBR2
0

Hasura v2 allows for this sort of pattern now.

For example, if you had a table that had a list of allowed names, you could check that the name being inserted was in the list of allowed names by doing something like this:

insert_permissions:
  - role: user
    permission:
      check:
        _exists:
          _table:
            name: allowed_names
            schema: public
          _where:
            name:
              _ceq: ["$", "name"]

See also:

https://github.com/hasura/graphql-engine/issues/3459#issuecomment-1085666541

https://hasura.io/docs/latest/graphql/core/api-reference/syntax-defs/

Sean Dawson
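
A simplified model of how the insert check in the answer above is evaluated, added here as an example; it is not part of either answer and is not Hasura's code. It shows that the rule is applied to the value that lands in the row's `name` column (whether the client sent it through `$name` or inline) and to session variables. The `author_id` column, the sample rows and the helper names are assumptions.

```python
# Simplified model of how an insert check is evaluated; not Hasura's code.
# Constructed sample rows standing in for the public.allowed_names table.
TABLES = {"allowed_names": [{"name": "alice"}, {"name": "bob"}]}

# The check from the answer above, as a Python dict.
CHECK = {"_exists": {"_table": {"name": "allowed_names", "schema": "public"},
                     "_where": {"name": {"_ceq": ["$", "name"]}}}}
# Assumption: a hypothetical author_id column tied to a session variable.
OWNER_CHECK = {"_and": [CHECK, {"author_id": {"_eq": "X-Hasura-User-Id"}}]}


def resolve(op, operand, row, root, session):
    """Return the value a column is compared against."""
    if op == "_ceq":  # column path; ["$", col] points at the root (new) row
        return root.get(operand[1]) if operand[0] == "$" else row.get(operand[0])
    if isinstance(operand, str) and operand.lower().startswith("x-hasura-"):
        return session.get(operand.lower())  # taken from the session, not the query
    return operand  # plain literal


def evaluate(expr, row, root, session):
    """Evaluate a boolean expression; keys of one object are ANDed."""
    for key, value in expr.items():
        if key == "_and":
            ok = all(evaluate(e, row, root, session) for e in value)
        elif key == "_exists":
            candidates = TABLES[value["_table"]["name"]]
            ok = any(evaluate(value["_where"], r, root, session) for r in candidates)
        else:  # column name mapped to {operator: operand}
            (op, operand), = value.items()
            if op not in ("_eq", "_ceq"):
                raise ValueError(f"operator {op} not modelled")
            rhs = resolve(op, operand, row, root, session)
            ok = rhs is not None and row.get(key) == rhs  # NULL never matches
        if not ok:
            return False
    return True


def insert_allowed(new_row, session, check=CHECK):
    """The new row is both the current row and the root row of the check."""
    return evaluate(check, new_row, new_row, session)


if __name__ == "__main__":
    # Only the column value counts, however the client supplied it.
    print(insert_allowed({"name": "alice"}, {}))
    print(insert_allowed({"name": "mallory"}, {}))
    print(insert_allowed({"name": "bob", "author_id": "7"},
                         {"x-hasura-user-id": "8"}, OWNER_CHECK))
```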