Multiple sequential checks/permissions for each role #2605
Description
Right now a role can have a check and permissions associated with the check.
What I was wondering, is if it would be possible to have multiple sequential checks and permissions.
Let me describe a use case. I will try to simplify it for this particular Github issue.
products
---
id
name
price
components
resellers []
company_id
components
----
id
name
product_id
resellers
---
product_id
reseller_company_id
The idea is that companies (supplier) can create a product. And give that product as a component to another company (reseller). This other company (reseller) will get the product as a component and can use it, and other components, to build a new product.
So, when a company (reseller) views its own products, it will doing a query like this:
products { <-- lets view my products
name
price
components { <-- lets see all my components for this products
product { <-- lets see what my supplier is naming this product
name
}
}
}
Now, You might want to create a permissions for this. But it is very hard. Maybe impossible, with the current Hasura. My first try:
{
_or: [{
company_id: { _eq: x-hasura-company-id} <-- I want to be able to see my products
}, {
resellers {
reseller_company_id: { _eq: x-hasura-company-id } <-- I also want to see some information about proucts of my components
}
}]
}
Then the permissions. Errrr. For the first check company_id: { _eq: x-hasura-company-id} I want to see everything.
For the seconds check resellers { reseller_company_id: { _eq: x-hasura-company-id }} I want to only be able to see some limited information (ex name).
Solution (discussion starter)
Lets say you would be able to make multiple sequential checks/permissions. Like this:
check/permission #1
{
company_id: { _eq: x-hasura-company-id}
}
Allow to see everything
check/permission #2
{
resellers {
reseller_company_id: { _eq: x-hasura-company-id }
}
}
Allow to see name only
This is the query I am making:
products { <-- I am an owner, Check #1 OK
name
price
components {
product { <-- I am a reseller, Check #1 fails, Check #2 OK
name
}
}
}
Would this be possible and suitable?
Thanks