hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-18 13:02:11 +03:00
Code Issues Projects Releases Wiki Activity
793aede022
graphql-engine/server/tests-py/queries/graphql_mutation/insert/permissions/schema_setup.yaml
Antoine Leblanc 5283eebf75 server: fix on_conflict missing when no column update permissions 
GitOrigin-RevId: 34dd9f648ca1e268274b6244c48c9e9710c4477d
2021-04-22 10:27:35 +00:00

616 lines
12 KiB
YAML
Raw Blame History

type: bulk
args:
#Author table
# Tables to test '_exist' field
# a sales role can only update the leads added by them
- type: run_sql
args:
sql: |
create table author(
id serial primary key,
name text unique,
bio text,
is_registered boolean not null default false
);
CREATE TABLE article (
id SERIAL PRIMARY KEY,
title TEXT,
content TEXT,
author_id INTEGER REFERENCES author(id),
is_published BOOLEAN,
published_on TIMESTAMP
);
CREATE FUNCTION fetch_articles(search text, author_row author)
RETURNS SETOF article AS $$
SELECT *
FROM article
WHERE
( title ilike ('%' || search || '%')
OR content ilike ('%' || search || '%')
) AND author_id = author_row.id
$$ LANGUAGE sql STABLE;
CREATE TABLE resident (
id SERIAL PRIMARY KEY,
name TEXT NOT NULL UNIQUE,
age INTEGER NOT NULL,
is_user BOOLEAN DEFAULT FALSE NOT NULL
);
CREATE TABLE address (
id SERIAL PRIMARY KEY,
door_no TEXT NOT NULL,
street TEXT NOT NULL,
city TEXT NOT NULL,
resident_id INTEGER REFERENCES resident(id)
);
CREATE TABLE "Company" (
"id" SERIAL PRIMARY KEY,
"name" TEXT
);
CREATE TABLE blog (
id serial primary key,
title text not null,
content text,
author_id INTEGER REFERENCES author(id),
last_updated timestamptz,
updated_by INTEGER REFERENCES author(id)
);
CREATE TABLE computer (
id SERIAL PRIMARY KEY,
name TEXT NOT NULL,
spec JSONB NOT NULL
);
create table "user" (
id serial primary key,
name text not null unique,
is_admin boolean default false
);
create table account (
id serial primary key,
account_no integer not null
);
create table leads (
id serial primary key,
name text not null,
added_by text not null
);
create table items (
id serial primary key,
name text,
quantity int
);
create table order_cart (
id serial primary key,
item_id int not null references items(id),
quantity int
);
- type: track_table
args:
schema: public
name: author
#Article table
- type: track_table
args:
schema: public
name: article
- type: add_computed_field
args:
table: author
name: get_articles
definition:
function: fetch_articles
table_argument: author_row
#Create resident table
- type: track_table
args:
schema: public
name: resident
#Create address table
- type: track_table
args:
schema: public
name: address
#Create Company table
- type: track_table
args:
schema: public
name: Company
#Object relationship
- type: create_object_relationship
args:
table: article
name: author
using:
foreign_key_constraint_on: author_id
#Array relationship
- type: create_array_relationship
args:
table: author
name: articles
using:
foreign_key_constraint_on:
table: article
column: author_id
#Article select permission for user
- type: create_select_permission
args:
table: article
role: user
permission:
columns: '*'
filter:
$or:
- author_id: X-HASURA-USER-ID
- is_published: true
#Article select permission for restricted
- type: create_select_permission
args:
table: article
role: restricted
permission:
columns: '*'
filter:
$or:
- author_id: X-HASURA-USER-ID
- is_published: true
#Article select permission for editor
- type: create_select_permission
args:
table: article
role: editor
permission:
columns: '*'
filter:
$or:
- author_id:
$in: X-Hasura-Allowed-User-Ids
- is_published: true
#Article insert permission for user
- type: create_insert_permission
args:
table: article
role: user
permission:
check:
author_id: X-Hasura-User-Id
#Article insert permission for restricted
- type: create_insert_permission
args:
table: article
role: restricted
permission:
check:
author_id: X-Hasura-User-Id
#Article insert permission for editor
#Editor can create articles for some of the users
- type: create_insert_permission
args:
table: article
role: editor
permission:
check:
author_id:
$in: X-Hasura-Allowed-User-Ids
#Article udpate permission for user
- type: create_update_permission
args:
table: article
role: user
permission:
filter:
author_id: X-Hasura-User-Id
columns: '*'
#Article udpate permission for restricted
- type: create_update_permission
args:
table: article
role: restricted
permission:
filter:
author_id: X-Hasura-User-Id
columns: []
#Author select permission for user
- type: create_select_permission
args:
table: author
role: user
permission:
columns:
- id
- name
- is_registered
filter:
id: X-HASURA-USER-ID
#Author insert and update permission for user
#Only admin can set is_registered to true
- type: create_insert_permission
args:
table: author
role: user
permission:
check:
$and:
- id: X-HASURA-USER-ID
- is_registered: false
- type: create_update_permission
args:
table: author
role: user
permission:
columns: '*'
filter:
$and:
- id: X-HASURA-USER-ID
- is_registered: false
#Author insert permission for student
#A Student should specify their Bio
- type: create_insert_permission
args:
table: author
role: student
permission:
check:
bio:
_is_null: false
#Company insert permission for user
- type: create_insert_permission
args:
table: Company
role: user
permission:
check:
id: X-HASURA-COMPANY-ID
#Company update permission for user
- type: create_update_permission
args:
table: Company
role: user
permission:
filter:
id: X-HASURA-COMPANY-ID
columns: '*'
#Company select permission for user
- type: create_select_permission
args:
table: Company
role: user
permission:
columns:
- id
- name
filter:
id: X-HASURA-COMPANY-ID
#Create insert permission for user on resident
- type: create_insert_permission
args:
table: resident
role: user
permission:
check:
id: X-Hasura-Resident-Id
set:
name: X-Hasura-Resident-Name
is_user: true
#Create select permission for user on resident
- type: create_select_permission
args:
table: resident
role: user
permission:
columns:
- id
- name
- age
- is_user
filter:
id: X-Hasura-Resident-Id
#Create insert permission for infant on resident
- type: create_insert_permission
args:
table: resident
role: infant
permission:
check:
id: X-Hasura-Infant-Id
set:
name: X-Hasura-Infant-Name
id: X-Hasura-Infant-Id
columns:
- age
#Create select permission for infant on resident
- type: create_select_permission
args:
table: resident
role: infant
permission:
columns:
- id
- name
- age
- is_user
filter:
id: X-Hasura-Infant-Id
#Create permissions for resident role on resident table
- type: create_insert_permission
args:
table: resident
role: resident
permission:
check:
id: X-Hasura-Resident-Id
- type: create_update_permission
args:
table: resident
role: resident
permission:
columns: '*'
filter:
id: X-Hasura-Resident-Id
- type: create_select_permission
args:
table: resident
role: resident
permission:
columns: '*'
filter:
id: X-Hasura-Resident-Id
#Create blog table
- type: track_table
args:
name: blog
schema: public
- type: create_select_permission
args:
table: blog
role: user
permission:
columns: '*'
filter:
author_id: X-Hasura-User-Id
- type: create_insert_permission
args:
table: blog
role: user
permission:
check: {}
- type: create_update_permission
args:
table: blog
role: user
permission:
columns:
- title
- content
filter: {}
set:
last_updated: NOW()
updated_by: X-Hasura-User-Id
- type: track_table
args:
name: computer
schema: public
- type: create_insert_permission
args:
table: computer
role: seller
permission:
check:
spec:
_has_keys_all: X-Hasura-Spec-Required-Keys
columns: '*'
- type: create_insert_permission
args:
table: computer
role: developer
permission:
check:
spec:
_has_keys_any: X-Hasura-Spec-Keys
columns: '*'
- type: create_select_permission
args:
table: computer
role: seller
permission:
columns: '*'
filter: {}
- type: create_select_permission
args:
table: computer
role: developer
permission:
columns: '*'
filter: {}
- type: track_table
args:
name: user
schema: public
- type: track_table
args:
name: account
schema: public
- type: create_insert_permission
args:
table: account
role: user
permission:
columns:
- account_no
check:
_exists:
_table: user
_where:
id: X-Hasura-User-Id
is_admin: true
- type: create_update_permission
args:
table: user
role: backend_user
permission:
check: {}
filter: {}
columns: '*'
- type: create_insert_permission
args:
table: user
role: backend_user
permission:
check: {}
columns: '*'
backend_only: true
set:
is_admin: true
- type: create_insert_permission
args:
table: user
role: backend_user_2
permission:
check: {}
columns: '*'
backend_only: true
set:
is_admin: true
- type: create_select_permission
args:
table: user
role: backend_user
permission:
columns: '*'
filter: {}
- type: create_select_permission
args:
table: user
role: backend_user_2
permission:
columns: '*'
filter: {}
- type: create_insert_permission
args:
table: user
role: user
permission:
check: {}
columns: '*'
backend_only: false
set:
is_admin: false
- type: track_table
args:
schema: public
name: leads
# a sales role can add a new lead without any check
- type: create_insert_permission
args:
table: leads
role: sales
permission:
columns: [id, name, added_by]
check: {}
set: {}
# a sales role can only update the leads added by them
- type: create_update_permission
args:
table: leads
role: sales
permission:
columns: [name]
filter:
added_by: X-Hasura-User-Id
check:
name:
_ne: ''
- type: track_table
args:
schema: public
name: items
- type: track_table
args:
schema: public
name: order_cart
- type: create_object_relationship
args:
table: order_cart
name: item
using:
foreign_key_constraint_on: item_id
# an user can add an item in the order_cart
# iff there are enough of the them present
- type: create_insert_permission
args:
table: order_cart
role: user
permission:
columns: [item_id, quantity]
check:
item:
quantity:
_cgte:
- $
- quantity
set: {}
Reference in New Issue View Git Blame Copy Permalink