mirror of
https://github.com/hasura/graphql-engine.git
synced 2025-01-07 08:13:18 +03:00
f615abd2f2
* Add check expresion to update permissions (close #384) * wip on conflict behavior * Handle upserts for views properly * Use insert check if there is no update check * Fix the test * Improve error message slightly Co-authored-by: Vamshi Surabhi <0x777@users.noreply.github.com>
216 lines
3.8 KiB
YAML
216 lines
3.8 KiB
YAML
type: bulk
|
|
args:
|
|
|
|
#Author table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
create table author(
|
|
id serial primary key,
|
|
name text unique
|
|
);
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: author
|
|
|
|
#Article table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE article (
|
|
id SERIAL,
|
|
title TEXT,
|
|
version TEXT,
|
|
content TEXT,
|
|
author_id INTEGER REFERENCES author(id),
|
|
is_published BOOLEAN,
|
|
published_on TIMESTAMP,
|
|
PRIMARY KEY (id,version)
|
|
)
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: article
|
|
|
|
|
|
#Object relationship
|
|
- type: create_object_relationship
|
|
args:
|
|
table: article
|
|
name: author
|
|
using:
|
|
foreign_key_constraint_on: author_id
|
|
|
|
#Array relationship
|
|
- type: create_array_relationship
|
|
args:
|
|
table: author
|
|
name: articles
|
|
using:
|
|
foreign_key_constraint_on:
|
|
table: article
|
|
column: author_id
|
|
|
|
#Person table
|
|
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE person (
|
|
id SERIAL PRIMARY KEY,
|
|
details JSONB NOT NULL
|
|
)
|
|
- type: track_table
|
|
args:
|
|
schema: public
|
|
name: person
|
|
|
|
|
|
#Author select permission for user
|
|
- type: create_select_permission
|
|
args:
|
|
table: author
|
|
role: user
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
id: X-HASURA-USER-ID
|
|
|
|
#Article select permission for user
|
|
- type: create_select_permission
|
|
args:
|
|
table: article
|
|
role: user
|
|
permission:
|
|
columns: '*'
|
|
filter:
|
|
$or:
|
|
- author_id: X-HASURA-USER-ID
|
|
- is_published: true
|
|
|
|
#Article update permission for user
|
|
#Allow modifications only on unpublished articles
|
|
- type: create_update_permission
|
|
args:
|
|
table: article
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- title
|
|
- content
|
|
- is_published
|
|
- published_on
|
|
- version
|
|
filter:
|
|
$and:
|
|
- author_id: X-HASURA-USER-ID
|
|
- is_published: false
|
|
check:
|
|
is_published: false
|
|
|
|
#Resident table
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
CREATE TABLE resident (
|
|
id SERIAL PRIMARY KEY,
|
|
name TEXT NOT NULL,
|
|
age INTEGER NOT NULL,
|
|
city TEXT NOT NULL
|
|
);
|
|
|
|
- type: track_table
|
|
args:
|
|
name: resident
|
|
schema: public
|
|
|
|
#Permissions
|
|
- type: create_select_permission
|
|
args:
|
|
table: resident
|
|
role: user1
|
|
permission:
|
|
filter: {}
|
|
columns: '*'
|
|
- type: create_update_permission
|
|
args:
|
|
table: resident
|
|
role: user1
|
|
permission:
|
|
filter: {}
|
|
columns: '*'
|
|
set:
|
|
city: melbourne
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: resident
|
|
role: user2
|
|
permission:
|
|
filter: {}
|
|
columns: '*'
|
|
- type: create_update_permission
|
|
args:
|
|
table: resident
|
|
role: user2
|
|
permission:
|
|
filter: {}
|
|
columns: '*'
|
|
set:
|
|
city: X-Hasura-City
|
|
|
|
# Tables to test '_exist' field
|
|
- type: run_sql
|
|
args:
|
|
sql: |
|
|
create table "user" (
|
|
id serial primary key,
|
|
name text not null unique,
|
|
is_admin boolean default false
|
|
);
|
|
|
|
create table account (
|
|
id serial primary key,
|
|
account_no integer not null
|
|
);
|
|
|
|
- type: track_table
|
|
args:
|
|
name: user
|
|
schema: public
|
|
|
|
- type: track_table
|
|
args:
|
|
name: account
|
|
schema: public
|
|
|
|
- type: create_update_permission
|
|
args:
|
|
table: account
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- account_no
|
|
filter:
|
|
_exists:
|
|
_table: user
|
|
_where:
|
|
id: X-Hasura-User-Id
|
|
is_admin: true
|
|
|
|
- type: create_select_permission
|
|
args:
|
|
table: account
|
|
role: user
|
|
permission:
|
|
columns:
|
|
- id
|
|
- account_no
|
|
filter:
|
|
_exists:
|
|
_table: user
|
|
_where:
|
|
id: X-Hasura-User-Id
|
|
is_admin: true
|