hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-17 20:41:49 +03:00
Code Issues Projects Releases Wiki Activity
d66d2d81fd
graphql-engine/server/tests-py/queries/graphql_query/permissions/setup.yaml
Rakesh Emmadi a63fa18d9c server/postgres: Support computed fields in permission check/filter 
https://github.com/hasura/graphql-engine-mono/pull/1697

GitOrigin-RevId: 6cdf8acc90d3fd97d20a3ee68c84306c3f589370
2021-07-28 08:10:25 +00:00

595 lines
13 KiB
YAML
Raw Blame History

type: bulk
args:
- type: run_sql
args:
sql: |
create table author(
id serial primary key,
name text unique,
is_registered boolean not null default false,
remarks_internal text
);
INSERT INTO author (name, remarks_internal)
VALUES
('Author 1', 'remark 1'),
('Author 2', 'remark 2'),
('Author 3', 'remark 3');
CREATE TABLE article (
id SERIAL PRIMARY KEY,
title TEXT,
content TEXT,
author_id INTEGER NOT NULL REFERENCES author(id),
is_published BOOLEAN NOT NULL default FALSE,
published_on TIMESTAMP
);
CREATE FUNCTION get_articles(author_row author)
RETURNS SETOF article as $$
SELECT * FROM article WHERE author_id = author_row.id
$$ LANGUAGE SQL STABLE;
INSERT INTO article (title, content, author_id, is_published)
VALUES
('Article 1', 'Sample article content 1', 1, false),
('Article 2', 'Sample article content 2', 1, true),
('Article 3', 'Sample article content 3', 2, true),
('Article 4', 'Sample article content 4', 3, false);
CREATE TABLE "Artist" (
id serial PRIMARY KEY ,
name text NOT NULL
);
INSERT INTO "Artist" (id, name)
VALUES
(1, 'Camilla'),
(2, 'DSP'),
(3, 'Akon');
CREATE TABLE "Track" (
id serial PRIMARY KEY,
name text NOT NULL,
artist_id integer REFERENCES "Artist"("id")
);
INSERT INTO "Track" (id, name, artist_id)
VALUES
(1, 'Keepup', 1),
(2, 'Keepdown', 1),
(3, 'Happy', 2);
create function search_tracks(search text)
returns setof "Track" as $$
select *
from "Track"
where
name ilike ('%' || search || '%')
$$ language sql stable;
CREATE TABLE books (
id int,
author_name text,
book_name text,
published_on timestamptz,
PRIMARY KEY (id,book_name)
);
INSERT INTO books (id, author_name, book_name, published_on)
VALUES (1, 'J.K. Rowling', 'Harry Porter', '1997-06-26');
CREATE EXTENSION IF NOT EXISTS postgis;
DO $$
BEGIN
IF PostGIS_lib_version() ~ '^3.*' THEN
CREATE EXTENSION IF NOT EXISTS postgis_raster;
END IF;
END$$;
CREATE EXTENSION IF NOT EXISTS postgis_topology;
CREATE TABLE geom_table(
id SERIAL PRIMARY KEY,
type TEXT NOT NULL,
geom_col geometry NOT NULL
);
INSERT INTO geom_table (type, geom_col)
VALUES
('point', ST_GeomFromEWKT('SRID=4326;POINT(1 2)')),
('linestring', ST_GeomFromEWKT('SRID=4326;LINESTRING(0 0, 0.5 1, 1 2, 1.5 3)')),
('linestring', ST_GeomFromEWKT('SRID=4326;LINESTRING(1 0, 0.5 0.5, 0 1)')),
('polygon', ST_GeomFromEWKT('SRID=4326;POLYGON((0 0, 0 1, 1 1, 1 0, 0 0))')),
('polygon', ST_GeomFromEWKT('SRID=4326;POLYGON((2 0, 2 1, 3 1, 3 0, 2 0))'))
;
CREATE TABLE jsonb_table(
id INTEGER NOT NULL PRIMARY KEY,
jsonb_col jsonb NOT NULL
);
INSERT INTO jsonb_table (id, jsonb_col)
VALUES
(1, '{"name": "Hasura", "age": 7}'),
(2, '{"name": "Cross"}');
CREATE TABLE gpa (
id serial primary key,
student_name text not null,
gpa_score double precision not null
);
INSERT INTO gpa (student_name, gpa_score) VALUES
('clarke', 9.24), ('george', 8.32),
('blake', 7.34), ('leonel', 9.56);
CREATE FUNCTION passed_students (pass_gpa double precision)
RETURNS SETOF gpa as $$
SELECT * FROM gpa WHERE
gpa_score >= pass_gpa
$$ language SQL STABLE;
CREATE TABLE auction (
id serial primary key,
price integer not null DEFAULT 250,
bid_price integer
);
INSERT INTO auction
(bid_price)
VALUES
(100), (120), (300), (260)
;
CREATE TABLE student_marks (
id SERIAL PRIMARY KEY,
name TEXT UNIQUE NOT NULL,
physics INTEGER,
chemistry INTEGER,
mathematics INTEGER
);
INSERT INTO student_marks (name, physics, chemistry, mathematics) VALUES
('clarke', 84, 67, 70), ('george', 56, 79, 70),
('blake', 66, 89, 78), ('leonel', 90, 93, 85);
CREATE FUNCTION student_total_marks (student_row student_marks)
RETURNS INTEGER AS $$
SELECT student_row.physics + student_row.chemistry + student_row.mathematics
$$ LANGUAGE SQL STABLE;
CREATE FUNCTION student_total_marks_offset (hasura_session json, student_row student_marks)
RETURNS INTEGER AS $$
SELECT student_row.physics + student_row.chemistry + student_row.mathematics - (hasura_session ->> 'x-hasura-offset-marks')::integer
$$ LANGUAGE SQL STABLE;
- type: track_table
args:
schema: public
name: author
#Article table
- type: track_table
args:
schema: public
name: article
# Add computed field to author table
- type: add_computed_field
args:
table: author
name: get_articles
definition:
function: get_articles
table_argument: author_row
#Object relationship
- type: create_object_relationship
args:
name: author
table: article
using:
foreign_key_constraint_on: author_id
#Array relationship
- type: create_array_relationship
args:
table: author
name: articles
using:
foreign_key_constraint_on:
table: article
column: author_id
#Article select permission for user
- type: create_select_permission
args:
table: article
role: user
permission:
columns:
- id
- title
- content
- is_published
filter:
$or:
- author_id: X-HASURA-USER-ID
- is_published: true
#Article select permission for anonymous (only published articles)
- type: create_select_permission
args:
table: article
role: anonymous
permission:
columns:
- id
- title
- content
- is_published
filter:
is_published: true
#Article insert permission for user
- type: create_insert_permission
args:
table: article
role: user
permission:
check:
author_id: X-Hasura-User-Id
#Author select permission for user
- type: create_select_permission
args:
table: author
role: user
permission:
columns:
- id
- name
- is_registered
filter:
_or:
- id: X-HASURA-USER-ID
- articles:
is_published:
_eq: true
limit: 10
#Author select permission for reader
- type: create_select_permission
args:
table: author
role: reader
permission:
columns:
- name
filter:
get_articles:
is_published: true
#Author select permission for anonymous users
#Only authors with atleast one article will be shown
- type: create_select_permission
args:
table: author
role: anonymous
permission:
columns:
- id
- name
filter:
articles:
is_published:
_eq: true
#Author insert permission for user
- type: create_insert_permission
args:
table: author
role: user
permission:
check:
id: X-HASURA-USER-ID
#Create Artist table
- type: track_table
args:
schema: public
name: Artist
#Crete Track table
- type: track_table
args:
schema: public
name: Track
#Object relationship Track::artist_id -> Artist::id
- type: create_object_relationship
args:
name: Artist
table: Track
using:
foreign_key_constraint_on: artist_id
#Create select permssion on Track
- type: create_select_permission
args:
table: Track
role: Artist
permission:
columns: '*'
filter:
Artist:
id: X-Hasura-Artist-Id
allow_aggregations: true
#Create select permssion on Track using _in operator
- type: create_select_permission
args:
table: Artist
role: free_user_in
permission:
columns: '*'
filter:
name:
_in: X-Hasura-Free-Artists
#Create select permssion on Track using _nin operator
- type: create_select_permission
args:
table: Artist
role: free_user_nin
permission:
columns: '*'
filter:
name:
_nin: X-Hasura-Premium-Artists
#Create select permission on Track using _iregex operator
- type: create_select_permission
args:
table: Artist
role: user_iregex
permission:
columns: '*'
filter:
name:
_iregex: X-Hasura-IRegex-Artists
# Create search_track function
- type: track_function
args:
name: search_tracks
schema: public
#Create Books table
- type: track_table
args:
schema: public
name: books
#Create select permission on books, granting permission only to one of the columns of the primary key
- type: create_select_permission
args:
table: books
role: user
permission:
columns: [author_name, book_name, published_on]
filter: {}
- type: track_table
args:
name: geom_table
schema: public
#Create select permission using postgis operator
- type: create_select_permission
args:
table: geom_table
role: user1
permission:
columns:
- id
- type
- geom_col
filter:
geom_col:
$st_d_within:
distance: 1
from:
type: Polygon
crs:
type: name
properties:
name: urn:ogc:def:crs:EPSG::4326
coordinates:
- - - 2
- 0
- - 2
- 1
- - 3
- 1
- - 3
- 0
- - 2
- 0
#Create select permission using postgis operator and session variables
- type: create_select_permission
args:
table: geom_table
role: user2
permission:
columns:
- id
- type
- geom_col
filter:
geom_col:
$st_d_within:
distance: X-Hasura-Geom-Dist
from: X-Hasura-Geom-Val
#Insert data
- type: track_table
args:
name: jsonb_table
schema: public
#Create select permission using jsonb operator
- type: create_select_permission
args:
table: jsonb_table
role: user1
permission:
columns:
- id
- jsonb_col
filter:
jsonb_col:
$has_key: age
- type: create_select_permission
args:
table: jsonb_table
role: user2
permission:
columns:
- id
- jsonb_col
filter:
jsonb_col:
$has_key: X-Hasura-Has-Key
# Using jsonb column and $has_keys_any operator
- type: create_select_permission
args:
table: jsonb_table
role: user4
permission:
columns:
- id
- jsonb_col
filter:
jsonb_col:
$has_keys_any: X-Hasura-Json-Keys
# Using jsonb column and $has_keys_all operator
- type: create_select_permission
args:
table: jsonb_table
role: user5
permission:
columns:
- id
- jsonb_col
filter:
jsonb_col:
$has_keys_all: X-Hasura-Json-Required-Keys
#Create grade_point table
- type: track_table
args:
name: gpa
schema: public
- type: track_function
args:
name: passed_students
schema: public
- type: create_select_permission
args:
table: gpa
role: staff
permission:
columns:
- id
- student_name
filter: {}
- type: track_table
args:
name: auction
schema: public
- type: create_select_permission
args:
role: user
table: auction
permission:
filter:
bid_price:
$cgt: price
columns:
- id
- bid_price
- type: create_select_permission
args:
table: article
role: critic
permission:
columns:
- title
- content
- is_published
filter:
id:
_eq: X-Hasura-Critic-Id
- type: create_select_permission
args:
table: author
role: critic
permission:
columns: [name]
filter: {}
# Track student_marks table
- type: track_table
args:
table: student_marks
- type: add_computed_field
args:
table: student_marks
name: total_marks
definition:
function: student_total_marks
table_argument: student_row
- type: add_computed_field
args:
table: student_marks
name: total_marks_offset
definition:
function: student_total_marks_offset
table_argument: student_row
session_argument: hasura_session
- type: create_select_permission
args:
table: student_marks
role: tutor
permission:
columns:
- name
filter:
total_marks:
_gte: 220
- type: create_select_permission
args:
table: student_marks
role: tutor_session
permission:
columns:
- name
computed_fields:
- total_marks
- total_marks_offset
filter:
total_marks_offset:
_gte: 220
Reference in New Issue View Git Blame Copy Permalink