search

hasura / graphql-engine

Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.
https://hasura.io
Apache License 2.0
31.12k stars 2.76k forks source link

Add bulk create permissions endpoint #5825

Open bertyhell opened 4 years ago

bertyhell commented 4 years ago

currently you have these endpoints to create permissions one at a time. In my current project we have 73 tables, and each table can have 4 operations (select, insert, update, delete), so that means 292 api calls to set the permissions for every table.

It would be nice to have a bulk endpoint. Something like this:

POST /v1/query HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type" : "bulk_create_permissions",
    "args" : [
        {
            "type" : "create_insert_permission",
            "args" : {
                "table" : "article",
                "role" : "user",
                "permission" : {
                    "check" : {
                        "author_id" : "X-HASURA-USER-ID"
                    },
                    "set":{
                        "id":"X-HASURA-USER-ID"
                    },
                    "columns":["name","author_id"]
                }
            }
        },
        {
            "type" : "create_select_permission",
            "args" : {
                "table" : "article",
                "role" : "user",
                "permission" : {
                    "columns" : "*",
                    "filter" : {
                        "$or" : [
                            { "author_id" : "X-HASURA-USER-ID" },
                            { "is_published" : true }
                        ]
                     },
                     "limit": 10,
                     "allow_aggregations": true
                }
            }
        }
    ]
}

and another for bulk delete:

POST /v1/query HTTP/1.1
Content-Type: application/json
X-Hasura-Role: admin

{
    "type" : "bulk_drop_permissions",
    "args" : [
        {
            "type" : "drop_insert_permission",
            "args" : {
                "table" : "article",
                "role" : "user"
            }
        }
        {
            "type" : "drop_select_permission",
            "args" : {
                "table" : "article",
                "role" : "user"
            }
        }
    ]
}
GavinRay97 commented 4 years ago

This is a great suggestion, and fairly common usecase. Will check with server team on this.

GavinRay97 commented 4 years ago

Okay so it is possible to do this currently, there's a bulk request type for the Metadata API that takes an array of operations to perform at once:

https://hasura.io/docs/1.0/graphql/core/api-reference/schema-metadata-api/index.html

image

Going to close for now but please re-open the issue if this doesn't work for your usecase :+1: @bertyhell

bertyhell commented 4 years ago

I'll make a PR to add a link from the permissions api page to the bulk api docs. Maybe reopen this to track that change?

https://github.com/hasura/graphql-engine/pull/5861