type: bulk args: #Author table # Tables to test '_exist' field # a sales role can only update the leads added by them - type: run_sql args: sql: | create table author( id serial primary key, name text unique, bio text, is_registered boolean not null default false ); CREATE TABLE article ( id SERIAL PRIMARY KEY, title TEXT, content TEXT, author_id INTEGER REFERENCES author(id), is_published BOOLEAN, published_on TIMESTAMP ); CREATE FUNCTION fetch_articles(search text, author_row author) RETURNS SETOF article AS $$ SELECT * FROM article WHERE ( title ilike ('%' || search || '%') OR content ilike ('%' || search || '%') ) AND author_id = author_row.id $$ LANGUAGE sql STABLE; CREATE TABLE resident ( id SERIAL PRIMARY KEY, name TEXT NOT NULL UNIQUE, age INTEGER NOT NULL, is_user BOOLEAN DEFAULT FALSE NOT NULL ); CREATE TABLE address ( id SERIAL PRIMARY KEY, door_no TEXT NOT NULL, street TEXT NOT NULL, city TEXT NOT NULL, resident_id INTEGER REFERENCES resident(id) ); CREATE TABLE "Company" ( "id" SERIAL PRIMARY KEY, "name" TEXT ); CREATE TABLE blog ( id serial primary key, title text not null, content text, author_id INTEGER REFERENCES author(id), last_updated timestamptz, updated_by INTEGER REFERENCES author(id) ); CREATE TABLE computer ( id SERIAL PRIMARY KEY, name TEXT NOT NULL, spec JSONB NOT NULL ); create table "user" ( id serial primary key, name text not null unique, is_admin boolean default false ); create table account ( id serial primary key, account_no integer not null ); create table leads ( id serial primary key, name text not null, added_by text not null ); create table items ( id serial primary key, name text, quantity int ); create table order_cart ( id serial primary key, item_id int not null references items(id), quantity int ); - type: track_table args: schema: public name: author #Article table - type: track_table args: schema: public name: article - type: add_computed_field args: table: author name: get_articles definition: function: fetch_articles table_argument: author_row #Create resident table - type: track_table args: schema: public name: resident #Create address table - type: track_table args: schema: public name: address #Create Company table - type: track_table args: schema: public name: Company #Object relationship - type: create_object_relationship args: table: article name: author using: foreign_key_constraint_on: author_id #Array relationship - type: create_array_relationship args: table: author name: articles using: foreign_key_constraint_on: table: article column: author_id #Article select permission for user - type: create_select_permission args: table: article role: user permission: columns: '*' filter: $or: - author_id: X-HASURA-USER-ID - is_published: true #Article select permission for restricted - type: create_select_permission args: table: article role: restricted permission: columns: '*' filter: $or: - author_id: X-HASURA-USER-ID - is_published: true #Article select permission for editor - type: create_select_permission args: table: article role: editor permission: columns: '*' filter: $or: - author_id: $in: X-Hasura-Allowed-User-Ids - is_published: true #Article insert permission for user - type: create_insert_permission args: table: article role: user permission: check: author_id: X-Hasura-User-Id #Article insert permission for restricted - type: create_insert_permission args: table: article role: restricted permission: check: author_id: X-Hasura-User-Id #Article insert permission for editor #Editor can create articles for some of the users - type: create_insert_permission args: table: article role: editor permission: check: author_id: $in: X-Hasura-Allowed-User-Ids #Article udpate permission for user - type: create_update_permission args: table: article role: user permission: filter: author_id: X-Hasura-User-Id columns: '*' #Article udpate permission for restricted - type: create_update_permission args: table: article role: restricted permission: filter: author_id: X-Hasura-User-Id columns: [] #Author select permission for user - type: create_select_permission args: table: author role: user permission: columns: - id - name - is_registered filter: id: X-HASURA-USER-ID #Author insert and update permission for user #Only admin can set is_registered to true - type: create_insert_permission args: table: author role: user permission: check: $and: - id: X-HASURA-USER-ID - is_registered: false - type: create_update_permission args: table: author role: user permission: columns: '*' filter: $and: - id: X-HASURA-USER-ID - is_registered: false #Author insert permission for student #A Student should specify their Bio - type: create_insert_permission args: table: author role: student permission: check: bio: _is_null: false #Company insert permission for user - type: create_insert_permission args: table: Company role: user permission: check: id: X-HASURA-COMPANY-ID #Company update permission for user - type: create_update_permission args: table: Company role: user permission: filter: id: X-HASURA-COMPANY-ID columns: '*' #Company select permission for user - type: create_select_permission args: table: Company role: user permission: columns: - id - name filter: id: X-HASURA-COMPANY-ID #Create insert permission for user on resident - type: create_insert_permission args: table: resident role: user permission: check: id: X-Hasura-Resident-Id set: name: X-Hasura-Resident-Name is_user: true #Create select permission for user on resident - type: create_select_permission args: table: resident role: user permission: columns: - id - name - age - is_user filter: id: X-Hasura-Resident-Id #Create insert permission for infant on resident - type: create_insert_permission args: table: resident role: infant permission: check: id: X-Hasura-Infant-Id set: name: X-Hasura-Infant-Name id: X-Hasura-Infant-Id columns: - age #Create select permission for infant on resident - type: create_select_permission args: table: resident role: infant permission: columns: - id - name - age - is_user filter: id: X-Hasura-Infant-Id #Create permissions for resident role on resident table - type: create_insert_permission args: table: resident role: resident permission: check: id: X-Hasura-Resident-Id - type: create_update_permission args: table: resident role: resident permission: columns: '*' filter: id: X-Hasura-Resident-Id - type: create_select_permission args: table: resident role: resident permission: columns: '*' filter: id: X-Hasura-Resident-Id #Create blog table - type: track_table args: name: blog schema: public - type: create_select_permission args: table: blog role: user permission: columns: '*' filter: author_id: X-Hasura-User-Id - type: create_insert_permission args: table: blog role: user permission: check: {} - type: create_update_permission args: table: blog role: user permission: columns: - title - content filter: {} set: last_updated: NOW() updated_by: X-Hasura-User-Id - type: track_table args: name: computer schema: public - type: create_insert_permission args: table: computer role: seller permission: check: spec: _has_keys_all: X-Hasura-Spec-Required-Keys columns: '*' - type: create_insert_permission args: table: computer role: developer permission: check: spec: _has_keys_any: X-Hasura-Spec-Keys columns: '*' - type: create_select_permission args: table: computer role: seller permission: columns: '*' filter: {} - type: create_select_permission args: table: computer role: developer permission: columns: '*' filter: {} - type: track_table args: name: user schema: public - type: track_table args: name: account schema: public - type: create_insert_permission args: table: account role: user permission: columns: - account_no check: _exists: _table: user _where: id: X-Hasura-User-Id is_admin: true - type: create_update_permission args: table: user role: backend_user permission: check: {} filter: {} columns: '*' - type: create_insert_permission args: table: user role: backend_user permission: check: {} columns: '*' backend_only: true set: is_admin: true - type: create_insert_permission args: table: user role: backend_user_2 permission: check: {} columns: '*' backend_only: true set: is_admin: true - type: create_select_permission args: table: user role: backend_user permission: columns: '*' filter: {} - type: create_select_permission args: table: user role: backend_user_2 permission: columns: '*' filter: {} - type: create_insert_permission args: table: user role: user permission: check: {} columns: '*' backend_only: false set: is_admin: false - type: track_table args: schema: public name: leads # a sales role can add a new lead without any check - type: create_insert_permission args: table: leads role: sales permission: columns: [id, name, added_by] check: {} set: {} # a sales role can only update the leads added by them - type: create_update_permission args: table: leads role: sales permission: columns: [name] filter: added_by: X-Hasura-User-Id check: name: _ne: '' - type: track_table args: schema: public name: items - type: track_table args: schema: public name: order_cart - type: create_object_relationship args: table: order_cart name: item using: foreign_key_constraint_on: item_id # an user can add an item in the order_cart # iff there are enough of the them present - type: create_insert_permission args: table: order_cart role: user permission: columns: [item_id, quantity] check: item: quantity: _cgte: - $ - quantity set: {}