mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-18 13:02:11 +03:00
3537e2acdc
* Add update_by_pk test with more interesting permissions. * Add new delete test with more interesting permissions. * Fix byPk operations not providing all columns. * Empty commit to unlock ci. GitOrigin-RevId: eb1ca2cc4c59f421bc5fedf49bef91aa4bbdca94
195 lines
3.5 KiB
YAML
195 lines
3.5 KiB
YAML
type: bulk
|
|
args:
|
|
|
|
#Author table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
create table author(
|
|
id serial primary key,
|
|
name text unique,
|
|
payments_done boolean not null default false,
|
|
user_id int
|
|
);
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: author
|
|
|
|
#Article table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE article (
|
|
id SERIAL PRIMARY KEY,
|
|
title TEXT,
|
|
content TEXT,
|
|
author_id INTEGER NOT NULL REFERENCES author(id),
|
|
is_published BOOLEAN,
|
|
published_on TIMESTAMP
|
|
)
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: article
|
|
|
|
#Object relationship
|
|
- type: create_object_relationship
|
|
args:
|
|
table: article
|
|
name: author
|
|
using:
|
|
foreign_key_constraint_on: author_id
|
|
|
|
#Array relationship
|
|
- type: create_array_relationship
|
|
args:
|
|
table: author
|
|
name: articles
|
|
using:
|
|
foreign_key_constraint_on:
|
|
table: article
|
|
column: author_id
|
|
|
|
#Prevent deletion if payments to the author is not yet done
|
|
- type: create_delete_permission
|
|
args:
|
|
table: author
|
|
role: user
|
|
permission:
|
|
filter:
|
|
$and:
|
|
- id: X-HASURA-USER-ID
|
|
- payments_done: true
|
|
|
|
#Author select permission for user
|
|
- type: create_select_permission
|
|
args:
|
|
table: author
|
|
role: user
|
|
permission:
|
|
columns: [id, name, payments_done]
|
|
filter:
|
|
id: X-HASURA-USER-ID
|
|
|
|
#A user can delete only his articles
|
|
- type: create_select_permission
|
|
args:
|
|
table: article
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- id
|
|
- title
|
|
- content
|
|
- author_id
|
|
filter:
|
|
$and:
|
|
- author_id: X-HASURA-USER-ID
|
|
|
|
#A user can delete only his articles
|
|
- type: create_delete_permission
|
|
args:
|
|
table: article
|
|
role: user
|
|
permission:
|
|
filter:
|
|
$and:
|
|
- author_id: X-HASURA-USER-ID
|
|
|
|
#Create resident table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE resident (
|
|
id SERIAL PRIMARY KEY,
|
|
name TEXT NOT NULL,
|
|
age INTEGER NOT NULL
|
|
)
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: resident
|
|
|
|
- type: create_delete_permission
|
|
args:
|
|
table: resident
|
|
role: resident
|
|
permission:
|
|
filter:
|
|
id: X-Hasura-Resident-Id
|
|
|
|
- type: create_delete_permission
|
|
args:
|
|
table: resident
|
|
role: agent
|
|
permission:
|
|
filter:
|
|
id:
|
|
$in: X-Hasura-Allowed-Resident-Ids
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: resident
|
|
role: agent
|
|
permission:
|
|
columns:
|
|
- id
|
|
- name
|
|
- age
|
|
filter:
|
|
id:
|
|
$in: X-Hasura-Allowed-Resident-Ids
|
|
|
|
# Tables to test '_exist' field
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
create table "user" (
|
|
id serial primary key,
|
|
name text not null unique,
|
|
is_admin boolean default false
|
|
);
|
|
|
|
create table account (
|
|
id serial primary key,
|
|
account_no integer not null
|
|
);
|
|
|
|
- type: track_table
|
|
args:
|
|
name: user
|
|
schema: public
|
|
|
|
- type: track_table
|
|
args:
|
|
name: account
|
|
schema: public
|
|
|
|
- type: create_delete_permission
|
|
args:
|
|
table: account
|
|
role: user
|
|
permission:
|
|
filter:
|
|
_exists:
|
|
_table: user
|
|
_where:
|
|
id: X-Hasura-User-Id
|
|
is_admin: true
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: account
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- id
|
|
- account_no
|
|
filter:
|
|
_exists:
|
|
_table: user
|
|
_where:
|
|
id: X-Hasura-User-Id
|
|
is_admin: true
|