Menu
I have three models User, Post, Vote
I tried to create a role-based authorization where the author (the user who creates a post/blog) can't vote for their own post/blog. To identify users, I used Hasura session variables X-Hasura-User-Id. Configuring (Row insert) Permission Rules for Vote table by,
{
"errors": [
{
"extensions": {
"path": "$.selectionSet.insert_Vote_one.args.object",
"code": "permission-error"
},
"message": "Check constraint violation. insert check constraint failed"
}
]
}
But which given constraint violation for the author and the other users when they try to vote a post/blog. How to solve that issue for the latter case using Permission Rules?
I use one of my auth server(express) to create user and access_token which contain the user.id as Hasura session variables X-Hasura-User-Id.
Then I use this access_token to maintain role-based authorization:
367
It seems that you are to make the following rule: X-Hasura-User-Id != Vote.blog.User_id (assuming a hasura relationship called blog for FK Vote.Blog_id).
What you are doing instead is making sure that Vote.User_id != X-Hasura-User-Id. I am assuming the user who submits the vote will always have the same id as themselves. This will always result in a permissions constraint violation.
Unless I misunderstood something...
Let us know if that helps.
70
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
