graphql-engine: when permissions are missing for column: return null values instead of dropping the column

In our app there are different roles. For the first time now I am encountering the situation that one role needs to not access the data of a few columns in a table.

So I removed the permission for the column lokalname in the console to test this.

But then every query that tries to access the column returns this error:

{
  "errors": [
    {
      "extensions": {
        "path": "$.selectionSet.herkunft.selectionSet.lokalname",
        "code": "validation-failed"
      },
      "message": "field \"lokalname\" not found in type: 'herkunft'"
    }
  ]
}

This is hard to solve. We use subscriptions and store the data locally, as this app is offline-capable. The thing that breaks first is the subscriptions. But it is also pretty hard to solve the case of the data structure changing in the local store, depending on the role the user has.

This is why the behavior we would like to see is: The API returns the exact same data structure, no matter what columns the user is allowed to access. But columns that the user is not allowed to access contain only null values.

Is this achievable?

About this issue

  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 15 (4 by maintainers)

Most upvoted comments

Been using this for more than a year.

It does work BUT, IS VERY SLOW

As the DB fills, permission queries are now the #1 reason for slow performance, and the permission for these null columns is the cause.

You can simply create a dummy role which gives access to all columns but no rows (by setting an always false condition)

How would I have to set a false condition? Would I have to set something like id = 'blah'?

Yes you can.

This will be possible with our inherited roles feature. You can simply create a dummy role which gives access to all columns but no rows (by setting an always false condition). Then you can add this dummy role to your actual role to create a new inherited role (say, role_with_all_cols).

Preview here: https://github.com/hasura/graphql-engine/pull/6396
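The setup described in the comment above, written out as Hasura metadata (an added example, not part of the thread or of the project's own documentation). It assumes a Hasura version where inherited roles are available; the role names `all_cols_no_rows` and `restricted_user`, the columns `id` and `name`, the `public` schema, and `id` being a NOT NULL primary key are hypothetical, while `herkunft`, `lokalname` and `role_with_all_cols` come from the page.

```yaml
# --- table metadata entry for herkunft (schema name assumed) ---
table:
  name: herkunft
  schema: public
select_permissions:
  # The real role: sees its rows, but not the lokalname column.
  - role: restricted_user            # hypothetical role name
    permission:
      columns:                       # hypothetical column list, lokalname omitted
        - id
        - name
      filter: {}                     # placeholder: put the role's real row condition here

  # The dummy role: every column, but a filter that can never match a row.
  - role: all_cols_no_rows           # hypothetical role name
    permission:
      columns: '*'
      filter:
        id:
          _is_null: true             # assumes id is NOT NULL, so this is always false

# --- inherited roles metadata entry ---
# Clients send x-hasura-role: role_with_all_cols. Rows come from
# restricted_user only; lokalname stays in the schema, so queries
# validate, and it is returned as null because the only role that
# grants the column never grants a row.
- role_name: role_with_all_cols
  role_set:
    - restricted_user
    - all_cols_no_rows
```

The dummy role's filter must never match a row: any row it does match is returned with all columns, `lokalname` included, to every user of the inherited role. A condition that is false by construction is therefore safer than comparing against a value that could later exist in the table.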

+1 want this feature, it could save a lot of boilerplate code