fix insert fails for non-admin roles on v1/query (fix #327) #328
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0x777
approved these changes
Aug 29, 2018
|
Review app available at: https://hge-ci-pull-328.herokuapp.com |
1 similar comment
|
Review app available at: https://hge-ci-pull-328.herokuapp.com |
|
Review app https://hge-ci-pull-328.herokuapp.com is deleted |
karthikvt26
pushed a commit
to karthikvt26/graphql-engine
that referenced
this pull request
Sep 5, 2018
* add a query to reload schema cache (metadata), close hasura#292 * minor code refactor * simpler root level select fields using primary keys (fix hasura#304) (hasura#306) * select fields by primary key col values as argument values, fix hasura#304 * change field name 'table_by_pkey' to 'table_by_pk' * add links to share and help (hasura#303) * add req_user_id as alias to x-hasura-user-id (fix hasura#317) (hasura#320) * fix insert fails for non-admin roles on v1/query (fix hasura#327) (hasura#328) * fix insert fails for non-admin roles on v1/query, fix hasura#327 * add test case for user role upsert usint constraint name * mutation return type and query type are same (close hasura#315) (hasura#324) * add support for jwt authorization (close hasura#186) (hasura#255) The API: 1. HGE has `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var. The value of which is a JSON. 2. The structure of this JSON is: `{"type": "<standard-JWT-algorithms>", "key": "<the-key>"}` `type` : Standard JWT algos : `HS256`, `RS256`, `RS512` etc. (see jwt.io). `key`: i. Incase of symmetric key, the key as it is. ii. Incase of asymmetric keys, only the public key, in a PEM encoded string or as a X509 certificate. 3. The claims in the JWT token must contain the following: i. `x-hasura-default-role` field: default role of that user ii. `x-hasura-allowed-roles` : A list of allowed roles for the user. The default role is overriden by `x-hasura-role` header. 4. The claims in the JWT token, can have other `x-hasura-*` fields where their values can only be strings. 5. The JWT tokens are sent as `Authorization: Bearer <token>` headers. --- To test: 1. Generate a shared secret (for HMAC-SHA256) or RSA key pair. 2. Goto https://jwt.io/ , add the keys 3. Edit the claims to have `x-hasura-role` (mandatory) and other `x-hasura-*` fields. Add permissions related to the claims to test permissions. 4. Start HGE with `--jwt-secret` flag or `HASURA_GRAPHQL_JWT_SECRET` env var, which takes a JSON string: `{"type": "HS256", "key": "mylongsharedsecret"}` or `{"type":"RS256", "key": "<PEM-encoded-public-key>"}` 5. Copy the JWT token from jwt.io and use it in the `Authorization: Bearer <token>` header. --- TODO: Support EC public keys. It is blocked on frasertweedale/hs-jose#61 * compare only major and minor versions for cli-server (fix hasura#331) (hasura#332) * Revert "add links to share and help (hasura#303)" (hasura#334) This reverts commit 798efdd. * update tests to use access key (close hasura#113) (hasura#296) Closes hasura#113 * generate a returning field in a mutation only when the select permission is defined (fix hasura#340) (hasura#341) * allow selectively updating columns on a conflict during insert (fix hasura#342) * fix primary key changing on upsert, fix hasura#342 * add 'update_columns' in 'on_conflict' object, consider 'allowUpsert' * 'ConflictCtx' type should respect upsert cases * validation for not null fields in an object * console: fix error notification non json, auto height css (hasura#354)
hasura-bot
pushed a commit
that referenced
this pull request
Mar 7, 2024
V3_GIT_ORIGIN_REV_ID: c2a1eb358d139df6234730851beadfff30f29f16
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.