Login/Register
Hasura: Allow users to not vote for their own post
Asked Answered
Solved graphqlhasura
G

1

6

I have three models User, Post, Vote

schema

I tried to create a role-based authorization where the author (the user who creates a post/blog) can't vote for their own post/blog. To identify users, I used Hasura session variables X-Hasura-User-Id. Configuring (Row insert) Permission Rules for Vote table by,

picture

Error:

{
  "errors": [
    {
      "extensions": {
        "path": "$.selectionSet.insert_Vote_one.args.object",
        "code": "permission-error"
      },
      "message": "Check constraint violation. insert check constraint failed"
    }
  ]
}

But which given constraint violation for the author and the other users when they try to vote a post/blog. How to solve that issue for the latter case using Permission Rules?

Update

Auth SetUp

I use one of my auth server(express) to create user and access_token which contain the user.id as Hasura session variables X-Hasura-User-Id.

Then I use this access_token to maintain role-based authorization:

access_token

Greenheart answered 10/12, 2020 at 19:40 Comment(2)
What is your auth setup?Vegetate
I update my question @AbrahamLabkovskyGreenheart
V
2

It seems that you are to make the following rule: X-Hasura-User-Id != Vote.blog.User_id (assuming a hasura relationship called blog for FK Vote.Blog_id).

What you are doing instead is making sure that Vote.User_id != X-Hasura-User-Id. I am assuming the user who submits the vote will always have the same id as themselves. This will always result in a permissions constraint violation.

Unless I misunderstood something...

Let us know if that helps.

Vegetate answered 14/12, 2020 at 18:7 Comment(1)
Thanks, I applied the rule in the wrong way.Greenheart

© 2022 - 2024 — McMap. All rights reserved.