dgraph
Feature Request - @auth rule based on external types
The final missing Auth Rule is an Auth Rule based on External Types.
This is probably the easiest to fix.
Let's say I have a post:
```graphql
type Post @auth(...) {
  id: ID!
  title: String!
  ...
}
```
If I want to allow an Admin to edit this post, I have to use JWT. I should be able to edit the link by making a rule directly from the database instead.
```graphql
type Post @auth(
  # Only let an Admin delete pages
  delete: { rule: """
    query ($username: String!) {
      queryUser(filter: {
        username: { eq: $username },
        roles: { eq: Admin }
      }) {
        id
      }
    }
  """ }
) {
  id: ID!
  title: String!
  ...
}
```
Something like this would be the expected way the Auth Rules would work; however, I can only create rules based on the current type.
This should be allowed by default.
https://discuss.dgraph.io/t/feature-request-non-type-related-query-auth-rule/11086
Anthony created a complicated work-around, but this should not be necessary:
https://dev.to/verneleem/graphql-rbac-without-jwt-roles-1i1m
J
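For comparison, the two rule forms that work within the limitation described above, a JWT-claim rule and a query rooted at the protected type itself, shown as an added example that is not part of the original post. The claim names `ROLE` and `USERNAME`, the `author` edge, the header name, the namespace URL and the key placeholder are all assumptions.

```graphql
enum Role {
  Admin
  Member
}

type User {
  username: String! @id
  roles: [Role!] @search
}

type Post @auth(
  delete: { or: [
    # Form 1: role check against a JWT claim. The role comes from the
    # token, not from the User node stored in the database.
    { rule: "{$ROLE: { eq: \"Admin\" } }" },

    # Form 2: graph query rule. It must start at queryPost (the type
    # being protected) and can only reach User through an edge of Post,
    # so it can express "the caller is the author" but not "the caller
    # is some Admin unrelated to this post".
    { rule: """
      query ($USERNAME: String!) {
        queryPost {
          author(filter: { username: { eq: $USERNAME } }) {
            username
          }
        }
      }
    """ }
  ] }
) {
  id: ID!
  title: String!
  author: User!   # assumed edge, needed for Form 2
}

# The claims are read from a signed JWT configured on the last line of the
# schema. All values below are placeholders.
# Dgraph.Authorization {"VerificationKey":"<verification-key>","Header":"X-Auth-Token","Namespace":"https://example.com/jwt/claims","Algo":"HS256"}
```

With Form 1, a role removed from the `User` node keeps working until the token carrying the old claim expires.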