mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-09-21 15:38:40 +03:00
docs: add alt tags for all images (#3634)
This commit is contained in:
parent
ed8bc49d02
commit
28914022fc
@ -34,6 +34,7 @@ rules.
|
||||
Here's how a GraphQL request is processed in webhook mode:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/auth-webhook-overview.png
|
||||
:alt: Authentication using webhooks
|
||||
|
||||
2. JWT (JSON Web Token)
|
||||
^^^^^^^^^^^^^^^^^^^^^^^
|
||||
@ -45,6 +46,7 @@ evaluate access control rules.
|
||||
Here's how a GraphQL query is processed in JWT mode:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/auth-jwt-overview.png
|
||||
:alt: Authentication using JWT
|
||||
|
||||
**See more details at:**
|
||||
|
||||
|
@ -15,9 +15,8 @@ The idea is that your auth server will return JWT tokens, which are decoded and
|
||||
verified by the GraphQL engine, to authorize and get metadata about the request
|
||||
(``x-hasura-*`` values).
|
||||
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/jwt-auth.png
|
||||
|
||||
:alt: Authentication using JWT
|
||||
|
||||
The JWT is decoded, the signature is verified, then it is asserted that the
|
||||
current role of the user (if specified in the request) is in the list of allowed roles.
|
||||
@ -478,6 +477,7 @@ care of escaping new lines.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/jwt-config-generated.png
|
||||
:width: 75%
|
||||
:alt: Generating JWT config
|
||||
|
||||
Auth JWT Examples
|
||||
-----------------
|
||||
|
@ -12,6 +12,7 @@ Introduction
|
||||
You can configure the GraphQL engine to use a webhook to authenticate all incoming requests to the Hasura GraphQL engine server.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/webhook-auth.png
|
||||
:alt: Authentication using webhooks
|
||||
|
||||
.. admonition:: Prerequisite
|
||||
|
||||
|
@ -14,6 +14,7 @@ To understand the basics of access control in Hasura, let's take a look at this
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/permissions-rule-analogy.png
|
||||
:width: 70%
|
||||
:alt: Understanding access control in Hasura
|
||||
|
||||
This query returns the right set of results by defining the requirements for columns and rows in a given
|
||||
table. Hasura's rule-based access control works similary - you define the following permissions for a
|
||||
@ -74,6 +75,7 @@ You'll see that this results in a response that contains all the authors because
|
||||
query is accepted with **admin** permissions.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/fetch-authors.png
|
||||
:alt: Run a query without access control
|
||||
|
||||
Define access control rules
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
@ -83,7 +85,7 @@ Now let's define an access control rule for the ``author`` table for a role ``us
|
||||
as shown below:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/permission-basics-simple-example.png
|
||||
|
||||
:alt: Define access control rules
|
||||
|
||||
This permission rule reads as: "*For the role* ``user`` *, table* ``author`` *and operation* ``select``/``query``,
|
||||
allow access to those rows where the value in the ``id`` *column is the same as the value in the*
|
||||
@ -96,6 +98,7 @@ variables also included to indicate role and user information. These session var
|
||||
the ``Request Headers`` section of ``GraphiQL`` as highlighted below:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/permission-basics-query-with-access-control.png
|
||||
:alt: Run a query with access control
|
||||
|
||||
As you can see, the results are now filtered based on the access control rule for the role ``user``
|
||||
(*since that is the role indicated by the* ``X-Hasura-Role`` *session variable*) and the results are
|
||||
|
@ -27,6 +27,7 @@ Anonymous (not logged in) users
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/anonymous-role-examples.png
|
||||
:class: no-shadow
|
||||
:alt: Access control for an anonymous role
|
||||
|
||||
See :doc:`../authentication/unauthenticated-access` for steps to configure the anonymous user role in Hasura.
|
||||
|
||||
@ -42,6 +43,7 @@ Logged-in users
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/user-select-graphiql.png
|
||||
:class: no-shadow
|
||||
:alt: Access control for a logged-in user
|
||||
|
||||
|
||||
Managers of an organisation in a multi-tenant app
|
||||
@ -58,6 +60,7 @@ organisation either in the same table or via a related table.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/org-manager-graphiql.png
|
||||
:class: no-shadow
|
||||
:alt: Access control for a manager of an organisation
|
||||
|
||||
Collaborators of an article
|
||||
---------------------------
|
||||
@ -77,7 +80,7 @@ Let's say the "ownership" or "visibility" information for a data model (table) i
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/collaborator-relationship.png
|
||||
:class: no-shadow
|
||||
|
||||
:alt: Access control for collaborators of an article
|
||||
|
||||
.. Role-based schemas
|
||||
------------------
|
||||
@ -141,6 +144,7 @@ Database Schema
|
||||
The following is a reference database schema for our example:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-db-schema.png
|
||||
:alt: Database schema example for multiple roles per user
|
||||
|
||||
Based on this schema, we'll create the following tables:
|
||||
|
||||
@ -188,6 +192,7 @@ Create an array relationship named ``reviewers`` based on the foreign key constr
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-reviewers-array-relationship.png
|
||||
:class: no-shadow
|
||||
:alt: Create an array relationship
|
||||
|
||||
Permissions
|
||||
^^^^^^^^^^^
|
||||
@ -229,8 +234,8 @@ Permissions for role ``author``
|
||||
|
||||
b) :doc:`Column presets <../../schema/default-values/column-presets>`: Session-variable-based column preset for the ``author_id`` column to automatically insert the user's ID i.e. the ``X-Hasura-User-Id`` session-variable's value. It also helps us avoid explicitly passing the user's ID in the insert mutation.
|
||||
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-author-insert.png
|
||||
:alt: Permissions for the role author
|
||||
|
||||
Notice how we don't need to have an explicit row-level permission (*a custom check*) as only authenticated users with the role ``author`` can perform this action. As we have a column preset for the ``author_id`` column that automatically takes the author's ID (*and the* ``id`` *column is an auto-increment integer field*), we only need to allow access to the ``title`` column.
|
||||
|
||||
@ -239,7 +244,7 @@ Permissions for role ``author``
|
||||
Again, we'll use **column-level** permissions to restrict access to certain columns. Additionally, we need to define row-level permissions (*a custom check*) to restrict access to only those articles authored by the current user:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-author-select.png
|
||||
|
||||
:alt: Column access for the role author
|
||||
|
||||
The row-level permission rule shown here translates to "*if the value in the* ``author_id`` *column of this row is equal to the user's ID i.e. the* ``X-Hasura-User-Id`` *session-variable's value, allow access to it*".
|
||||
|
||||
@ -251,6 +256,7 @@ Permissions for role ``reviewer``
|
||||
For this use-case, we'll use :ref:`relationship or nested-object permissions<relationships-in-permissions>` based on the array relationship ``reviewers`` to restrict access to assigned articles only.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-reviewer-update.png
|
||||
:alt: Permissions for the role reviewer
|
||||
|
||||
The array-relationship based permission rule in the above image reads as "*if the ID of any reviewer assigned to this article is equal to the user's ID i.e. the* ``X-Hasura-User-Id`` *session-variable's value, allow access to it*". The columns' access is restricted using the column-level permissions highlighted above.
|
||||
|
||||
@ -259,6 +265,7 @@ Permissions for role ``reviewer``
|
||||
This permission rule is pretty much the same as the one for update, the only difference being the column-level permissions.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-reviewer-select.png
|
||||
:alt: Column access for the role reviewer
|
||||
|
||||
Permissions for role ``editor``
|
||||
"""""""""""""""""""""""""""""""
|
||||
@ -268,13 +275,14 @@ Permissions for role ``editor``
|
||||
This is a straightforward rule - there's no need for any row-level permissions since editors have access to all rows and they can *read* all columns.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-editor-select.png
|
||||
|
||||
:alt: Permissions for the role editor
|
||||
|
||||
* **Allow editors to update an article**
|
||||
|
||||
There's no need for row-level permissions in this case either but we need to restrict access to certain columns only:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multirole-example-editor-update.png
|
||||
|
||||
:alt: Column access for the role editor
|
||||
|
||||
|
||||
|
||||
|
@ -19,6 +19,7 @@ session variables. Other session variables can be passed by your auth service as
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/hasura-perms.png
|
||||
:width: 80 %
|
||||
:alt: Create a permission rule
|
||||
|
||||
Trying out access control
|
||||
-------------------------
|
||||
|
@ -13,6 +13,7 @@ Access control rules in Hasura are defined at a role, table and action (*insert,
|
||||
level granularity:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/permission-rule-granularity.png
|
||||
:alt: Access control rules in Hasura
|
||||
|
||||
Requests to Hasura should contain the reserved session variable ``X-Hasura-Role`` to indicate the requesting
|
||||
user's role, and the table and action information is inferred from the request itself. This information is used
|
||||
@ -101,9 +102,11 @@ types:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/operators-for-integer-types.png
|
||||
:width: 40%
|
||||
:alt: Column operators for integer types
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/operators-for-text-types.png
|
||||
:width: 40%
|
||||
:alt: Column operators for text types
|
||||
|
||||
Using boolean expressions
|
||||
*************************
|
||||
@ -112,16 +115,19 @@ The following is an example of a simple boolean expression to restrict access fo
|
||||
the value in the ``id`` column is greater than 10:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/simple-boolean-expression.png
|
||||
:alt: Using boolean expressions to build rules
|
||||
|
||||
You can construct more complex boolean expressions using the ``_and``, ``_or`` and ``not`` operators:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/boolean-operators.png
|
||||
:alt: Using more complex boolean expressions to build rules
|
||||
|
||||
**For example**, using the ``_and`` operator, you can construct a rule to restrict access for ``select`` to rows where
|
||||
the value in the ``id`` column is greater than 10 **and** the value in the ``name`` column starts with "a"
|
||||
or "A":
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/composite-boolean-expression.png
|
||||
:alt: Example of a rule with the _and operator
|
||||
|
||||
Using session variables
|
||||
***********************
|
||||
@ -135,6 +141,7 @@ to construct a rule to restrict access for ``select`` to rows in the ``articles`
|
||||
the author's ID*):
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/session-variables-in-permissions-simple-example.png
|
||||
:alt: Using session variables to build rules
|
||||
|
||||
.. _relationships-in-permissions:
|
||||
|
||||
@ -150,6 +157,7 @@ the details of the authors who they manage in ``authors`` table. We can define t
|
||||
that uses the aforementioned object relationship:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/nested-object-permission-simple-example.png
|
||||
:alt: Using a nested object to build rules
|
||||
|
||||
This permission rule reads as "*if the author's agent's* ``id`` *is the same as the requesting user's*
|
||||
``id`` *, allow access to the author's details*."
|
||||
@ -176,6 +184,7 @@ column in the ``users`` table is set to ``true``. Let's assume the user's id is
|
||||
session variable.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/exists-permission-example.png
|
||||
:alt: Use an unrelated table to build rules
|
||||
|
||||
This permission rule reads as "*if there exists a row in the table* ``users`` *whose* ``id`` *is the same as the requesting user's*
|
||||
``id`` *and has the* ``allow_article_create`` *column set to true, allow access to insert articles*."
|
||||
@ -188,6 +197,7 @@ Column-level permissions determine access to columns in the rows that are access
|
||||
permissions. These permissions are simple selections:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/column-level-permissions.png
|
||||
:alt: Column level permissions
|
||||
|
||||
In this example, the role ``author`` has only partial access to columns of the accessible rows for
|
||||
the ``select`` operation.
|
||||
@ -201,6 +211,7 @@ In the case of ``select`` operations, the number of rows to be returned in the r
|
||||
using this configuration:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/limit-rows-for-select.png
|
||||
:alt: Row fetch limit
|
||||
|
||||
In the above example, this configuration restricts the number of accessible rows (*based on the rule*:
|
||||
``{"id":{"_eq":"X-Hasura-User-Id"}}``) to 20.
|
||||
@ -214,6 +225,7 @@ In the case of ``select`` operations, access to :doc:`aggregation queries <../..
|
||||
can be restricted for a given role using this configuration.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/aggregation-query-permissions.png
|
||||
:alt: Aggregation queries permissions
|
||||
|
||||
In the above example, the role ``user`` is allowed to make aggregation queries.
|
||||
|
||||
|
@ -48,6 +48,7 @@ For the table ``user_info``, create a :ref:`manual object relationship <create_m
|
||||
``private_info`` using ``user_info : id -> user_private : user_id``:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multiple-rules-create-manual-relationship.png
|
||||
:alt: Create a manual object relationship
|
||||
|
||||
Step 3: Define permissions
|
||||
--------------------------
|
||||
@ -57,11 +58,13 @@ For the role ``user``, create the following permissions for ``select``:
|
||||
- Table ``user_info``: allow access to ``id``, ``name`` and ``city`` without any row conditions.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multiple-rules-define-public-permissions.png
|
||||
:alt: Column access for the role user
|
||||
|
||||
- View ``user_private``: allow access to ``id``, ``phone``, ``email`` and ``address`` if the ``user-id``
|
||||
passed in the session variable is equal to the row's ``user_id``.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/multiple-rules-define-private-permissions.png
|
||||
:alt: Column access for the role user based on row level permissions
|
||||
|
||||
Step 4: Query with appropriate access control
|
||||
---------------------------------------------
|
||||
|
@ -99,6 +99,7 @@ Roles are typically modelled in two ways:
|
||||
is a great example of such modelling where access scopes are inherited by deeper roles:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/github-org-hierarchical-roles.png
|
||||
:alt: Hierarchical roles
|
||||
|
||||
2. **Flat roles**: Non-hierarchical roles with each role requiring an independent access scope to be defined.
|
||||
|
||||
|
@ -10,6 +10,7 @@ In Hasura, access control or authorization is based on **roles**. Let's take a l
|
||||
when the GraphQL engine receives a request:
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/auth/auth-high-level-overview.png
|
||||
:alt: Authentication and authorization with Hasura
|
||||
|
||||
As you can see from this:
|
||||
|
||||
|
@ -16,11 +16,13 @@ Add the HASURA_GRAPHQL_ADMIN_SECRET env var
|
||||
Head to the config-vars URL on your Heroku dashboard and set the ``HASURA_GRAPHQL_ADMIN_SECRET`` environment variable.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/deployment/secure-heroku.png
|
||||
:alt: Add an admin secret
|
||||
|
||||
Setting this environment variable will automatically restart the dyno. Now when you access your console, you'll be
|
||||
prompted for the admin secret key.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/deployment/access-key-console.png
|
||||
:alt: Prompt for the admin secret
|
||||
|
||||
.. note::
|
||||
|
||||
|
@ -36,6 +36,7 @@ Step 2: Remove the created Postgres add-on in the app
|
||||
Head to your Heroku dashboard and delete the Postgres add-on created in the previous step:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/deployment/remove-heroku-postgres-addon.png
|
||||
:alt: Delete the Postgres add-on
|
||||
|
||||
Step 3: Configure environment variables
|
||||
---------------------------------------
|
||||
@ -44,6 +45,7 @@ Now configure the ``DATABASE_URL`` with your existing Heroku Postgres database U
|
||||
if you want to secure your endpoint.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/deployment/heroku-database-url-access.png
|
||||
:alt: Configure environment variables
|
||||
|
||||
.. note::
|
||||
|
||||
|
@ -12,6 +12,7 @@ Open the Hasura console, head to the ``Events`` tab and click on the ``Create``
|
||||
page below:
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/event-triggers/create-event-trigger.png
|
||||
:alt: Create an event trigger
|
||||
|
||||
Parameters
|
||||
----------
|
||||
@ -38,6 +39,7 @@ Advanced Settings
|
||||
-----------------
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/event-triggers/create-event-trigger-advanced-settings.png
|
||||
:alt: Advanced settings for event triggers
|
||||
|
||||
Listen columns for update
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
@ -11,6 +11,7 @@ events on specified tables and invoke webhooks to carry out any custom logic.
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/event-triggers/database-event-triggers.png
|
||||
:class: no-shadow
|
||||
:alt: Hasura event trigger architecture
|
||||
|
||||
Events can be of the following types:
|
||||
|
||||
|
@ -14,10 +14,12 @@ you invoke "manual event triggers" configured on the table with that row as payl
|
||||
only if you have any triggers configured)*:
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/event-triggers/select-manual-trigger.png
|
||||
:alt: Invoke event trigger on console
|
||||
|
||||
Click on the event trigger you want to run and a modal will pop up with the request and response.
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/event-triggers/run-manual-trigger.png
|
||||
:alt: Request and response of event trigger
|
||||
|
||||
.. note::
|
||||
|
||||
|
@ -23,6 +23,7 @@ the following columns:
|
||||
)
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/getting-started/create-profile-table.png
|
||||
:alt: Create a table
|
||||
|
||||
Setup an event trigger
|
||||
----------------------
|
||||
@ -34,6 +35,7 @@ In the Hasura console, navigate to ``Events -> Create trigger`` and:
|
||||
4. Enter webhook URL as: ``https://httpbin.org/post``.
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/getting-started/create-event-trigger.png
|
||||
:alt: Set up an event trigger
|
||||
|
||||
This sets up our webhook ``https://httpbin.org/post`` to receive database changes on an insert, update and delete on
|
||||
``profile`` table.
|
||||
@ -47,7 +49,7 @@ Watch the trigger in action
|
||||
3. Expand the details of an event to see the response from the webhook.
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/getting-started/trigger-events.png
|
||||
|
||||
:alt: Trigger in action
|
||||
|
||||
Next steps
|
||||
----------
|
||||
|
@ -24,6 +24,7 @@ the following columns:
|
||||
)
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/getting-started/create-profile-table.png
|
||||
:alt: Create a table
|
||||
|
||||
Now, insert some sample data into the table using the ``Insert Row`` tab of the ``profile`` table.
|
||||
|
||||
@ -44,6 +45,7 @@ Head to the ``GraphiQL`` tab in the console and try running the following query:
|
||||
You'll see that you get all the inserted data!
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/getting-started/profile-query.png
|
||||
:alt: Try out a query
|
||||
|
||||
Next steps
|
||||
----------
|
||||
|
@ -28,6 +28,7 @@ Click the button below to deploy to Heroku:
|
||||
sign up you'll be redirected to your Heroku app creation page automatically.
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/getting-started/heroku-app.png
|
||||
:alt: Deploy to Heroku
|
||||
|
||||
Note that **Heroku's free Postgres add-on** is also automatically provisioned!
|
||||
|
||||
@ -38,6 +39,7 @@ That's it! Head to ``https://<YOUR_HEROKU_APP>.herokuapp.com`` and open your ap
|
||||
You should see the Hasura console.
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/getting-started/heroku-app-deployed.png
|
||||
:alt: Open the Hasura console
|
||||
|
||||
Hello World (GraphQL or event triggers)
|
||||
---------------------------------------
|
||||
|
@ -21,6 +21,7 @@ there is a timestamp value present, the record should be treated as deleted.
|
||||
the following:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/guides/soft-deletes-example-data.png
|
||||
:alt: Todo table of a todo application
|
||||
|
||||
In this example we only have two todos, one has ``deleted_at`` with a timestamp value and the other contains a
|
||||
``null`` value. The todo with the timestamp value in ``deleted_at`` represents a deleted todo and was deleted at
|
||||
@ -75,15 +76,17 @@ Here are some typical rules we should set:
|
||||
**Delete permissions** - remove all access
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/guides/soft-deletes-delete-perms.png
|
||||
:alt: Delete permissions for role user
|
||||
|
||||
**Insert permissions** - remove access for inserting into ``deleted_at`` column
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/guides/soft-deletes-insert-perms.png
|
||||
:alt: Insert permissions for role user
|
||||
|
||||
**Update permissions** - allow access for updating ``deleted_at`` column
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/guides/soft-deletes-update-perms.png
|
||||
|
||||
:alt: Update permissions for role user
|
||||
|
||||
Step 4: Restrict access to soft-deleted records
|
||||
-----------------------------------------------
|
||||
@ -97,6 +100,7 @@ For example, let's say that a role ``user`` can only access non-deleted todos, w
|
||||
permission rule to ensure this:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/guides/soft-deletes-select-perms.png
|
||||
:alt: Restrict access to soft-deleted records
|
||||
|
||||
Now the role ``user`` can only access non-deleted ``todos``:
|
||||
|
||||
|
@ -19,6 +19,7 @@ Create an Auth0 Application
|
||||
(assuming your application is React/Angular/Vue etc).
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/guides/create-client-popup.png
|
||||
:alt: Create an Auth0 application
|
||||
|
||||
Configure Auth0 Rules & Callback URLs
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
@ -186,7 +187,7 @@ escaping new lines.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/auth/jwt-config-generated.png
|
||||
:width: 75%
|
||||
|
||||
:alt: Generated JWT config
|
||||
|
||||
Add Access Control Rules via Hasura Console
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
@ -20,6 +20,7 @@ This is what Hasura running with "Remote schemas" looks like:
|
||||
.. thumbnail:: ../../../img/graphql/manual/remote-schemas/remote-schemas-arch.png
|
||||
:class: no-shadow
|
||||
:width: 75%
|
||||
:alt: Architecture of Hasura with remote schemas
|
||||
|
||||
.. note::
|
||||
|
||||
@ -70,7 +71,7 @@ To merge your remote schema with the GraphQL engine's auto-generated schema:
|
||||
Head to the ``Remote Schemas`` tab of the console and click on the ``Add`` button.
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/business-logic/add-remote-schemas-interface.png
|
||||
|
||||
:alt: Merge remote schema
|
||||
|
||||
You need to enter the following information:
|
||||
|
||||
|
@ -43,6 +43,7 @@ automatically generated.
|
||||
For example, here is the schema for the ``article`` table in this interface:
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/schema/create-table-graphql.png
|
||||
:alt: Schema for an article table
|
||||
|
||||
The following object type and query/mutation fields are generated for the ``article`` table we just created:
|
||||
|
||||
|
@ -25,7 +25,7 @@ Expose columns with a different name in the GraphQL API
|
||||
Head to the ``Data -> [table-name] -> Modify``
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/schema/custom-field-name-column.png
|
||||
|
||||
:alt: Customise GraphQL field name
|
||||
|
||||
.. tab:: Metadata API
|
||||
|
||||
@ -47,6 +47,7 @@ Expose table root fields with a different name in the GraphQL API
|
||||
Head to the ``Data -> [table-name] -> Modify``
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/schema/custom-field-name-root-fields.png
|
||||
:alt: Customise GraphQL root field
|
||||
|
||||
.. tab:: Metadata API
|
||||
|
||||
|
@ -27,11 +27,13 @@ The column preset option is available under the ``Permissions`` tab of a table.
|
||||
``Data -> article -> Permissions``:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/column-presets-option.png
|
||||
:alt: Add a column preset in the permissions tab
|
||||
|
||||
Enable the column preset option to define presets for one or more columns. For each column, you can pick between
|
||||
setting the preset using a static value or from a session variable.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/column-presets-value-options.png
|
||||
:alt: Configure the column preset
|
||||
|
||||
For our chosen example, we'll use the ``from session variable`` option and configure the ``user_id`` column to be
|
||||
automatically populated based on the value of the ``X-Hasura-User-Id`` session variable.
|
||||
@ -55,11 +57,13 @@ As mentioned earlier, you'll notice when you add the ``X-Hasura-Role`` header th
|
||||
available as the mutation type's field:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/column-preset-schema-change-for-role.png
|
||||
:alt: Write an insert mutation
|
||||
|
||||
Now, if we run the following insert mutation, we'll see that the ``user_id`` field is indeed being set with the value
|
||||
passed in the ``X-Hasura-User-Id`` variable:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/column-preset-mutation-result.png
|
||||
:alt: Run the insert mutation
|
||||
|
||||
.. note::
|
||||
|
||||
|
@ -25,6 +25,7 @@ Edit the ``created_at`` field and set its default value as the SQL function ``no
|
||||
Open the console and head to ``Data -> article -> Modify``:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/add-default-value.png
|
||||
:alt: Modify the table in the console
|
||||
|
||||
.. admonition:: To set an auto-incrementing default value
|
||||
|
||||
@ -50,6 +51,7 @@ Now if you do not pass the ``created_at`` field value while running an insert mu
|
||||
value will be set automatically by Postgres.
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/default-value-response.png
|
||||
:alt: Run an insert mutation
|
||||
|
||||
Also see
|
||||
--------
|
||||
|
@ -34,6 +34,7 @@ Modify the table ``sql_function_table`` and make its ``output`` column nullable.
|
||||
Open the console and head to ``Data -> sql_function_table -> Modify``:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/modify-sql-fn-table.png
|
||||
:alt: Modify the table
|
||||
|
||||
Step 2: Create a trigger
|
||||
------------------------
|
||||
@ -56,6 +57,7 @@ the ``output`` field whenever an insert or update is made to the ``sql_function_
|
||||
Head to ``Data -> SQL`` and run the above SQL:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/create-trigger.png
|
||||
:alt: Create a trigger with SQL
|
||||
|
||||
Step 3: Run an insert mutation
|
||||
------------------------------
|
||||
|
@ -139,6 +139,7 @@ we need to tell Hasura that this table represents an enum.
|
||||
``Set table as enum`` section:
|
||||
|
||||
.. thumbnail:: ../../../img/graphql/manual/schema/enum-set.png
|
||||
:alt: Set table as enum
|
||||
|
||||
.. tab:: API
|
||||
|
||||
|
@ -30,6 +30,7 @@ the Foreign Keys section and configure the ``author_id`` column as a foreign-key
|
||||
the ``author`` table:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/add-foreign-key.png
|
||||
:alt: Add foreign-key constraint
|
||||
|
||||
Step 2: Create an object relationship
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
@ -42,6 +43,7 @@ The console infers this using the foreign-key created above and recommends the p
|
||||
Add an ``object relationship`` named ``author`` for the ``article`` table as shown here:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/add-1-1-relationship.png
|
||||
:alt: Create an object relationship
|
||||
|
||||
We can now run a nested object query that is based on this ``object relationship``.
|
||||
|
||||
@ -102,6 +104,7 @@ You can add an ``array relationship`` in the same fashion as an ``object relatio
|
||||
Add an ``array relationship`` named ``articles`` for the ``author`` table as shown here:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/add-1-many-relationship.png
|
||||
:alt: Create an array relationship
|
||||
|
||||
We can now run a nested object query that is based on this ``array relationship``.
|
||||
|
||||
@ -192,6 +195,7 @@ Step 1: Open the manual relationship section
|
||||
- Click on the ``Configure`` button:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/manual-relationship-btn.png
|
||||
:alt: Open the manual relationship section
|
||||
|
||||
Step 2: Define the relationship
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
@ -199,6 +203,7 @@ Step 2: Define the relationship
|
||||
The above step will open up a section as shown below:
|
||||
|
||||
.. thumbnail:: ../../../../img/graphql/manual/schema/manual-relationship-create.png
|
||||
:alt: Define the relationship
|
||||
|
||||
In this case:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user