Graphcool / graphcool-framework

Apache License 2.0

allUsers query indirectly returns users count even if it requires authentication #535

Open 50bbx opened 6 years ago

50bbx commented 6 years ago

Current behavior

I am using the Graphcool console. I have this User model:

type User @model {
  createdAt: DateTime!
  id: ID! @isUnique
  updatedAt: DateTime!
  firstName: String
  lastName: String
  email: String @isUnique
  password: String
  role: ROLE! @defaultValue(value: USER)
}

I have two roles:

enum ROLE {
  USER
  ADMIN
}

I set that users must be authenticated to read the User type. Then I have this permission:

query ($user_id: ID!, $node_id: ID!) {
  SomeUserExists(
    filter: {
      OR: [
        {
          id: $user_id,
          role: ADMIN
        },
        {
          AND: [
            {
              id: $user_id
            },
            {
              id: $node_id
            }
          ]
        }
      ]
    }
  )
}

When I run this query as EVERYONE

query {
  allUsers {
    email
  }
}

I get the following result:

{
  "data": {
    "allUsers": [
      {
        "email": null
      },
      {
        "email": null
      }
    ]
  },
  "errors": [
    {
      "locations": [
        {
          "line": 3,
          "column": 6
        }
      ],
      "path": [
        "allUsers",
        0,
        "email"
      ],
      "code": 3008,
      "message": "Insufficient Permissions",
      "requestId": "OMITTED"
    },
    {
      "locations": [
        {
          "line": 3,
          "column": 6
        }
      ],
      "path": [
        "allUsers",
        1,
        "email"
      ],
      "code": 3008,
      "message": "Insufficient Permissions",
      "requestId": "OMITTED"
    }
  ]
}

This gives the total count of my test users (two users in total).

Expected behavior

I would expect that nothing would be returned if the query is under authentication.
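The leak described in the issue is easy to miss in manual testing because the returned fields are all `null`: the information is carried by the length of the `allUsers` list and by the per-field `Insufficient Permissions` errors. The following added example (not code from this issue or from the Graphcool project) does two things: it inspects a response of the shape quoted above and counts how many list entries reveal a node's existence without exposing any readable field, and it shows the defensive pattern of deciding readability per node and dropping denied nodes before any field is resolved, so an unauthenticated caller receives an empty list instead of N placeholders. The error code 3008 is taken from the response on the page; `SAMPLE_RESPONSE`, `SAMPLE_USERS`, `canReadUser` and `filterReadableNodes` are constructed for this example, and `canReadUser` is only a hypothetical mirror of the permission query above.

```javascript
// Added example, not code from the Graphcool issue or project.
// Part 1: inspect a GraphQL response and measure how many list entries
// leak their existence through field-level "Insufficient Permissions"
// errors. Part 2: the node-level filtering pattern that avoids the leak.

// Constructed sample: the shape of the response quoted in the issue
// (two users, every requested field denied). Error code 3008 is the value
// shown on the page; requestId values are omitted as in the issue.
const SAMPLE_RESPONSE = {
  data: {
    allUsers: [{ email: null }, { email: null }],
  },
  errors: [
    { path: ['allUsers', 0, 'email'], code: 3008, message: 'Insufficient Permissions' },
    { path: ['allUsers', 1, 'email'], code: 3008, message: 'Insufficient Permissions' },
  ],
};

// Returns the number of entries in response.data[listField] that carry no
// readable data: either the entry itself is null, or every requested field
// is null and has a permission error recorded at exactly that path. Each
// such entry still reveals that a node exists, so the list length leaks
// the total count.
function leakedNodeCount(response, listField) {
  const nodes = (response.data && response.data[listField]) || [];
  const deniedPaths = new Set();
  for (const err of response.errors || []) {
    const isPermissionError =
      err.code === 3008 || /insufficient permissions/i.test(err.message || '');
    if (isPermissionError && Array.isArray(err.path)) {
      deniedPaths.add(JSON.stringify(err.path));
    }
  }
  let leaked = 0;
  nodes.forEach((node, index) => {
    if (node === null) {
      leaked += 1;
      return;
    }
    const fields = Object.keys(node);
    const allDenied =
      fields.length > 0 &&
      fields.every(
        (field) =>
          node[field] === null &&
          deniedPaths.has(JSON.stringify([listField, index, field]))
      );
    if (allDenied) leaked += 1;
  });
  return leaked;
}

// Defensive pattern: decide readability per node and drop denied nodes
// before any field is resolved, so a caller without access sees an empty
// list instead of N placeholder entries. `canRead(viewer, node)` is a
// hypothetical predicate supplied by the application.
function filterReadableNodes(nodes, viewer, canRead) {
  return nodes.filter((node) => canRead(viewer, node));
}

// Hypothetical predicate mirroring the issue's permission query: an ADMIN
// may read any User node, and any other user may read only their own node.
function canReadUser(viewer, node) {
  if (!viewer) return false; // EVERYONE (unauthenticated) reads nothing
  if (viewer.role === 'ADMIN') return true;
  return viewer.id === node.id;
}

// Constructed sample users for the filtering demonstration.
const SAMPLE_USERS = [
  { id: 'user-1', email: 'one@example.com', role: 'USER' },
  { id: 'user-2', email: 'two@example.com', role: 'ADMIN' },
];

console.log('leaked entries:', leakedNodeCount(SAMPLE_RESPONSE, 'allUsers'));
console.log('visible to EVERYONE:', filterReadableNodes(SAMPLE_USERS, null, canReadUser).length);
```

Running `leakedNodeCount` over the issue's response reports 2, which is exactly the user count the reporter observed; a list-level check like `filterReadableNodes` returns an empty array for an unauthenticated viewer, one node for a plain user (their own), and all nodes for an ADMIN, so neither the list length nor the error list reveals anything about nodes the viewer may not read.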