mirror of
https://github.com/hasura/graphql-engine.git
synced 2025-01-05 14:27:59 +03:00
d52bfcda4e
* move user info related code to Hasura.User module
* the RFC #4120 implementation; insert permissions with admin secret
* revert back to old RoleName based schema maps
An attempt made to avoid duplication of schema contexts in types
if any role doesn't possess any admin secret specific schema
* fix compile errors in haskell test
* keep 'user_vars' for session variables in http-logs
* no-op refacto
* tests for admin only inserts
* update docs for admin only inserts
* updated CHANGELOG.md
* default behaviour when admin secret is not set
* fix x-hasura-role to X-Hasura-Role in pytests
* introduce effective timeout in actions async tests
* update docs for admin-secret not configured case
* Update docs/graphql/manual/api-reference/schema-metadata-api/permission.rst
Co-Authored-By: Marion Schleifer <marion@hasura.io>
* Apply suggestions from code review
Co-Authored-By: Marion Schleifer <marion@hasura.io>
* a complete iteration
backend insert permissions accessable via 'x-hasura-backend-privilege'
session variable
* console changes for backend-only permissions
* provide tooltip id; update labels and tooltips;
* requested changes
* requested changes
- remove className from Toggle component
- use appropriate function name (capitalizeFirstChar -> capitalize)
* use toggle props from definitelyTyped
* fix accidental commit
* Revert "introduce effective timeout in actions async tests"
This reverts commit b7a59c19d6.
* generate complete schema for both 'default' and 'backend' sessions
* Apply suggestions from code review
Co-Authored-By: Marion Schleifer <marion@hasura.io>
* remove unnecessary import, export Toggle as is
* update session variable in tooltip
* 'x-hasura-use-backend-only-permissions' variable to switch
* update help texts
* update docs
* update docs
* update console help text
* regenerate package-lock
* serve no backend schema when backend_only: false and header set to true
- Few type name refactor as suggested by @0x777
* update CHANGELOG.md
* Update CHANGELOG.md
* Update CHANGELOG.md
* fix a merge bug where a certain entity didn't get removed
Co-authored-by: Marion Schleifer <marion@hasura.io>
Co-authored-by: Rishichandra Wawhal <rishi@hasura.io>
Co-authored-by: rikinsk <rikin.kachhia@gmail.com>
Co-authored-by: Tirumarai Selvan <tiru@hasura.io>
496 lines
9.3 KiB
YAML
496 lines
9.3 KiB
YAML
type: bulk
|
|
args:
|
|
|
|
#Author table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
create table author(
|
|
id serial primary key,
|
|
name text unique,
|
|
bio text,
|
|
is_registered boolean not null default false
|
|
);
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: author
|
|
|
|
#Article table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE article (
|
|
id SERIAL PRIMARY KEY,
|
|
title TEXT,
|
|
content TEXT,
|
|
author_id INTEGER REFERENCES author(id),
|
|
is_published BOOLEAN,
|
|
published_on TIMESTAMP
|
|
);
|
|
|
|
CREATE FUNCTION fetch_articles(search text, author_row author)
|
|
RETURNS SETOF article AS $$
|
|
SELECT *
|
|
FROM article
|
|
WHERE
|
|
( title ilike ('%' || search || '%')
|
|
OR content ilike ('%' || search || '%')
|
|
) AND author_id = author_row.id
|
|
$$ LANGUAGE sql STABLE;
|
|
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: article
|
|
|
|
- type: add_computed_field
|
|
args:
|
|
table: author
|
|
name: get_articles
|
|
definition:
|
|
function: fetch_articles
|
|
table_argument: author_row
|
|
|
|
#Create resident table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE resident (
|
|
id SERIAL PRIMARY KEY,
|
|
name TEXT NOT NULL UNIQUE,
|
|
age INTEGER NOT NULL,
|
|
is_user BOOLEAN DEFAULT FALSE NOT NULL
|
|
)
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: resident
|
|
|
|
#Create address table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE address (
|
|
id SERIAL PRIMARY KEY,
|
|
door_no TEXT NOT NULL,
|
|
street TEXT NOT NULL,
|
|
city TEXT NOT NULL,
|
|
resident_id INTEGER REFERENCES resident(id)
|
|
)
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: address
|
|
|
|
#Create Company table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE "Company" (
|
|
"id" SERIAL PRIMARY KEY,
|
|
"name" TEXT
|
|
)
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: Company
|
|
|
|
#Object relationship
|
|
- type: create_object_relationship
|
|
args:
|
|
table: article
|
|
name: author
|
|
using:
|
|
foreign_key_constraint_on: author_id
|
|
|
|
#Array relationship
|
|
- type: create_array_relationship
|
|
args:
|
|
table: author
|
|
name: articles
|
|
using:
|
|
foreign_key_constraint_on:
|
|
table: article
|
|
column: author_id
|
|
|
|
#Article select permission for user
|
|
- type: create_select_permission
|
|
args:
|
|
table: article
|
|
role: user
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
$or:
|
|
- author_id: X-HASURA-USER-ID
|
|
- is_published: true
|
|
|
|
#Article select permission for editor
|
|
- type: create_select_permission
|
|
args:
|
|
table: article
|
|
role: editor
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
$or:
|
|
- author_id:
|
|
$in: X-Hasura-Allowed-User-Ids
|
|
- is_published: true
|
|
|
|
#Article insert permission for user
|
|
- type: create_insert_permission
|
|
args:
|
|
table: article
|
|
role: user
|
|
permission:
|
|
check:
|
|
author_id: X-Hasura-User-Id
|
|
|
|
#Article insert permission for editor
|
|
#Editor can create articles for some of the users
|
|
- type: create_insert_permission
|
|
args:
|
|
table: article
|
|
role: editor
|
|
permission:
|
|
check:
|
|
author_id:
|
|
$in: X-Hasura-Allowed-User-Ids
|
|
|
|
#Article udpate permission for user
|
|
- type: create_update_permission
|
|
args:
|
|
table: article
|
|
role: user
|
|
permission:
|
|
filter:
|
|
author_id: X-Hasura-User-Id
|
|
columns: '*'
|
|
|
|
#Author select permission for user
|
|
- type: create_select_permission
|
|
args:
|
|
table: author
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- id
|
|
- name
|
|
- is_registered
|
|
filter:
|
|
id: X-HASURA-USER-ID
|
|
|
|
#Author insert and update permission for user
|
|
#Only admin can set is_registered to true
|
|
- type: create_insert_permission
|
|
args:
|
|
table: author
|
|
role: user
|
|
permission:
|
|
check:
|
|
$and:
|
|
- id: X-HASURA-USER-ID
|
|
- is_registered: false
|
|
|
|
- type: create_update_permission
|
|
args:
|
|
table: author
|
|
role: user
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
$and:
|
|
- id: X-HASURA-USER-ID
|
|
- is_registered: false
|
|
|
|
#Author insert permission for student
|
|
#A Student should specify their Bio
|
|
- type: create_insert_permission
|
|
args:
|
|
table: author
|
|
role: student
|
|
permission:
|
|
check:
|
|
bio:
|
|
_is_null: false
|
|
|
|
#Company insert permission for user
|
|
- type: create_insert_permission
|
|
args:
|
|
table: Company
|
|
role: user
|
|
permission:
|
|
check:
|
|
id: X-HASURA-COMPANY-ID
|
|
|
|
#Company update permission for user
|
|
- type: create_update_permission
|
|
args:
|
|
table: Company
|
|
role: user
|
|
permission:
|
|
filter:
|
|
id: X-HASURA-COMPANY-ID
|
|
columns: '*'
|
|
|
|
#Company select permission for user
|
|
- type: create_select_permission
|
|
args:
|
|
table: Company
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- id
|
|
- name
|
|
filter:
|
|
id: X-HASURA-COMPANY-ID
|
|
|
|
#Create insert permission for user on resident
|
|
- type: create_insert_permission
|
|
args:
|
|
table: resident
|
|
role: user
|
|
permission:
|
|
check:
|
|
id: X-Hasura-Resident-Id
|
|
set:
|
|
name: X-Hasura-Resident-Name
|
|
is_user: true
|
|
|
|
#Create select permission for user on resident
|
|
- type: create_select_permission
|
|
args:
|
|
table: resident
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- id
|
|
- name
|
|
- age
|
|
- is_user
|
|
filter:
|
|
id: X-Hasura-Resident-Id
|
|
|
|
#Create insert permission for infant on resident
|
|
- type: create_insert_permission
|
|
args:
|
|
table: resident
|
|
role: infant
|
|
permission:
|
|
check:
|
|
id: X-Hasura-Infant-Id
|
|
set:
|
|
name: X-Hasura-Infant-Name
|
|
id: X-Hasura-Infant-Id
|
|
columns:
|
|
- age
|
|
|
|
#Create select permission for infant on resident
|
|
- type: create_select_permission
|
|
args:
|
|
table: resident
|
|
role: infant
|
|
permission:
|
|
columns:
|
|
- id
|
|
- name
|
|
- age
|
|
- is_user
|
|
filter:
|
|
id: X-Hasura-Infant-Id
|
|
|
|
#Create permissions for resident role on resident table
|
|
- type: create_insert_permission
|
|
args:
|
|
table: resident
|
|
role: resident
|
|
permission:
|
|
check:
|
|
id: X-Hasura-Resident-Id
|
|
|
|
- type: create_update_permission
|
|
args:
|
|
table: resident
|
|
role: resident
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
id: X-Hasura-Resident-Id
|
|
- type: create_select_permission
|
|
args:
|
|
table: resident
|
|
role: resident
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
id: X-Hasura-Resident-Id
|
|
|
|
|
|
#Create blog table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE blog (
|
|
id serial primary key,
|
|
title text not null,
|
|
content text,
|
|
author_id INTEGER REFERENCES author(id),
|
|
last_updated timestamptz,
|
|
updated_by INTEGER REFERENCES author(id)
|
|
);
|
|
|
|
- type: track_table
|
|
args:
|
|
name: blog
|
|
schema: public
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: blog
|
|
role: user
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
author_id: X-Hasura-User-Id
|
|
|
|
- type: create_insert_permission
|
|
args:
|
|
table: blog
|
|
role: user
|
|
permission:
|
|
check: {}
|
|
|
|
- type: create_update_permission
|
|
args:
|
|
table: blog
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- title
|
|
- content
|
|
filter: {}
|
|
set:
|
|
last_updated: 'NOW()'
|
|
updated_by: X-Hasura-User-Id
|
|
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE computer (
|
|
id SERIAL PRIMARY KEY,
|
|
name TEXT NOT NULL,
|
|
spec JSONB NOT NULL
|
|
);
|
|
|
|
- type: track_table
|
|
args:
|
|
name: computer
|
|
schema: public
|
|
|
|
- type: create_insert_permission
|
|
args:
|
|
table: computer
|
|
role: seller
|
|
permission:
|
|
check:
|
|
spec:
|
|
_has_keys_all: X-Hasura-Spec-Required-Keys
|
|
columns: '*'
|
|
|
|
- type: create_insert_permission
|
|
args:
|
|
table: computer
|
|
role: developer
|
|
permission:
|
|
check:
|
|
spec:
|
|
_has_keys_any: X-Hasura-Spec-Keys
|
|
columns: '*'
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: computer
|
|
role: seller
|
|
permission:
|
|
columns: '*'
|
|
filter: {}
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: computer
|
|
role: developer
|
|
permission:
|
|
columns: '*'
|
|
filter: {}
|
|
|
|
# Tables to test '_exist' field
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
create table "user" (
|
|
id serial primary key,
|
|
name text not null unique,
|
|
is_admin boolean default false
|
|
);
|
|
|
|
create table account (
|
|
id serial primary key,
|
|
account_no integer not null
|
|
);
|
|
|
|
- type: track_table
|
|
args:
|
|
name: user
|
|
schema: public
|
|
|
|
- type: track_table
|
|
args:
|
|
name: account
|
|
schema: public
|
|
|
|
- type: create_insert_permission
|
|
args:
|
|
table: account
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- account_no
|
|
check:
|
|
_exists:
|
|
_table: user
|
|
_where:
|
|
id: X-Hasura-User-Id
|
|
is_admin: true
|
|
|
|
- type: create_insert_permission
|
|
args:
|
|
table: user
|
|
role: backend_user
|
|
permission:
|
|
check: {}
|
|
columns: '*'
|
|
backend_only: true
|
|
set:
|
|
is_admin: true
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: user
|
|
role: backend_user
|
|
permission:
|
|
columns: '*'
|
|
filter: {}
|
|
|
|
- type: create_insert_permission
|
|
args:
|
|
table: user
|
|
role: user
|
|
permission:
|
|
check: {}
|
|
columns: '*'
|
|
backend_only: false
|
|
set:
|
|
is_admin: false
|