
Row insert permissions for actions

Open THPubs opened this issue 5 years ago • 6 comments

Is it possible to add Row insert permissions to actions as in the tables? It would be better if we can construct custom permission logic. I currently have a custom logic built and cloned to every table in the app. But actions don't have the capability to add such logic.

THPubs avatar May 17 '20 05:05 THPubs

@THPubs Could you share an example of a row level permission for an action that you would expect?

rikinsk avatar Jun 02 '20 12:06 rikinsk

@rikinsk Sorry for the delay. Let's say something like this:

Screenshot 2020-07-14 at 12 18 18

THPubs avatar Jul 14 '20 06:07 THPubs

Any update on this? Would really like to see this feature. Thanks.

dpd4466 avatar Nov 11 '21 13:11 dpd4466

Can we expect this to be in the works any time soon? This is a very crucial missing feature for actions. Currently there is no way to restrict action calls to external services other than writing a custom action "proxy" with express or something similar.

davidpanic avatar Dec 09 '22 12:12 davidpanic

Hello, do we have any updates on this matter? In my opinion, configuring custom permissions for actions is absolutely necessary. Let's consider the following scenario: I establish update permissions for the users' table like this: {"user_id":{"_eq":"X-Hasura-User-Id"}}, then, due to the requirements of my business logic, I create a Hasura action called "update_user_backend" which involves specific backend validations. However, when a user invokes the "update_user_backend" action, it seems to override the update permissions set in the users' table. As a result, any user gains the ability to modify the information of other users.

didiermis avatar Aug 29 '23 01:08 didiermis
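
The scenario in the comment above, as an added example that is not part of the thread or Hasura's own code: the action handler performs the write itself, so the ownership rule from the table permission is re-checked in the handler against the `session_variables` that Hasura sends in the action payload. The `user_id` argument, the `updateUser` callback and the sample payloads are assumptions.

```javascript
// Added example. Hasura POSTs { action, input, session_variables } to an
// action handler; session variable keys arrive lower-cased.
// Assumption: the action takes a `user_id` argument plus the fields to change.

// Re-apply the table rule {"user_id":{"_eq":"X-Hasura-User-Id"}} in the handler.
function authorizeUpdate(payload) {
  const session = (payload && payload.session_variables) || {};
  const callerId = session['x-hasura-user-id'];
  const targetId = payload && payload.input ? payload.input.user_id : undefined;

  if (typeof callerId !== 'string' || callerId === '') {
    return { allowed: false, reason: 'no x-hasura-user-id in session' };
  }
  if (targetId === undefined || targetId === null) {
    return { allowed: false, reason: 'no user_id argument' };
  }
  if (String(targetId) !== callerId) {
    return { allowed: false, reason: 'caller does not own the target row' };
  }
  return { allowed: true, userId: callerId };
}

// `updateUser(userId, changes)` is a hypothetical callback that performs the write.
async function handleUpdateUserBackend(payload, updateUser) {
  const decision = authorizeUpdate(payload);
  if (!decision.allowed) {
    // Action handlers report errors as a 4xx response with a `message` field.
    return { status: 403, body: { message: decision.reason } };
  }
  const { user_id, ...changes } = payload.input;
  // Write with the session's id, never with the client-supplied one.
  return { status: 200, body: await updateUser(decision.userId, changes) };
}

// Constructed sample payloads.
const ownRow = {
  action: { name: 'update_user_backend' },
  input: { user_id: '42', name: 'Ada' },
  session_variables: { 'x-hasura-role': 'user', 'x-hasura-user-id': '42' },
};
const otherRow = { ...ownRow, input: { user_id: '7', name: 'Mallory' } };
```

The session variables in the payload can only be trusted if the handler endpoint accepts requests from Hasura alone, for example by checking a shared secret header configured on the action.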

Hi, I want to update that we are launching Hasura V3 (DDN) this month. Rewriting Hasura in V3 allowed us to support all kinds of features around actions that were limited in V2. V3 supports a feature called "Argument presets" for Commands (Actions in V2), which can allow adding session variables as input arguments for the purpose of restricting access.

I would highly suggest joining us to see the full power of Hasura DDN at the Hasura Dev Day on April 16 🎉. Sign up here: https://hasura.io/dev-day. Can't make it? Sign up anyway and we'll send you the recording.

manasag avatar Apr 11 '24 14:04 manasag