The final missing Auth Rule, is an Auth Rule based on External Types.
This is probably the easiest to fix.
Let's say I have a post:
type Post @auth(...) {
id: ID!
title: String!
...
}
If I want to allow an Admin to edit this post, I have to use JWT. I should be able to edit the link by making a rule directly from the database instead.
type Post @auth(
# Only let an Admin delete pages
delete: { rule: """
query ($username: String!) {
queryUser(filter {
username: { eq: $username },
roles: { eq: Admin }
}) {
id
}
}
""" }
) {
id: ID!
title: String!
...
}
Something like this would be the expected way the Auth Rules would work, however, I can only create rules based on the current type.
The final missing Auth Rule, is an Auth Rule based on External Types.
This is probably the easiest to fix.
Let's say I have a post:
If I want to allow an Admin to edit this post, I have to use JWT. I should be able to edit the link by making a rule directly from the database instead.
Something like this would be the expected way the Auth Rules would work, however, I can only create rules based on the current type.
This should be allowed by default.
https://discuss.dgraph.io/t/feature-request-non-type-related-query-auth-rule/11086
Anthony created a complicated work-around, but this should not be necessary:
https://dev.to/verneleem/graphql-rbac-without-jwt-roles-1i1m
J