fix(hasura): fix hasura permissions
xmlking committed Jun 22, 2024
1 parent 61586c3 commit 1cbc404
Showing 10 changed files with 239 additions and 89 deletions.
@@ -1,4 +1,4 @@
query ListSecurityKeys($userId: uuid!) {
query SearchSecurityKeys($userId: uuid!) {
authUserSecurityKeys(where: { userId: { _eq: $userId } }) {
id
nickname
Expand Up @@ -42,14 +42,17 @@ select_permissions:
- type
- user_id
filter:
user_id:
_eq: X-Hasura-User-Id
_and:
- user_id:
_eq: x-hasura-user-id
- type:
_eq: pat
delete_permissions:
- role: user
permission:
filter:
_and:
- user_id:
_eq: X-Hasura-User-Id
_eq: x-hasura-user-id
- type:
_eq: pat
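--- a/nhost/metadata/databases/default/tables/auth_user_providers.yaml
+++ b/nhost/metadata/databases/default/tables/auth_user_providers.yaml
@@ -46,3 +46,24 @@ object_relationships:
 - name: user
 using:
 foreign_key_constraint_on: user_id
+select_permissions:
+- role: user
+permission:
+columns:
+- created_at
+- id
+- provider_id
+- provider_user_id
+- updated_at
+- user_id
+filter:
+user_id:
+_eq: x-hasura-user-id
+comment: ""
+delete_permissions:
+- role: user
+permission:
+filter:
+user_id:
+_eq: x-hasura-user-id
+comment: ""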
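Review bot: The new `delete_permissions` entry for role `user` lets a signed-in user delete their own provider rows directly through GraphQL, outside the auth service. If provider links are meant to be managed only through the auth service's endpoints, this path skips whatever checks those perform (for example, keeping at least one usable sign-in method), so confirm that direct deletion is intended. Both new entries also leave `comment: ""`; something like `comment: users may list and unlink only their own identity providers` would record the intent for the next reviewer.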
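--- a/nhost/metadata/databases/default/tables/auth_user_roles.yaml
+++ b/nhost/metadata/databases/default/tables/auth_user_roles.yaml
@@ -34,3 +34,77 @@ object_relationships:
 - name: user
 using:
 foreign_key_constraint_on: user_id
+insert_permissions:
+- role: manager
+permission:
+check:
+user:
+defaultOrg:
+_in: x-hasura-allowed-orgs
+columns:
+- role
+- user_id
+comment: ""
+- role: supervisor
+permission:
+check:
+user:
+defaultOrg:
+_eq: x-hasura-default-org
+columns:
+- role
+- user_id
+comment: ""
+select_permissions:
+- role: manager
+permission:
+columns:
+- role
+- created_at
+- id
+- user_id
+filter:
+user:
+defaultOrg:
+_in: x-hasura-allowed-orgs
+allow_aggregations: true
+comment: ""
+- role: supervisor
+permission:
+columns:
+- role
+- created_at
+- id
+- user_id
+filter:
+user:
+defaultOrg:
+_eq: x-hasura-default-org
+allow_aggregations: true
+comment: ""
+- role: user
+permission:
+columns:
+- role
+- created_at
+- id
+- user_id
+filter:
+user_id:
+_eq: x-hasura-user-id
+comment: ""
+delete_permissions:
+- role: manager
+permission:
+filter:
+user:
+defaultOrg:
+_in: x-hasura-allowed-orgs
+comment: ""
+- role: supervisor
+permission:
+filter:
+user:
+defaultOrg:
+_eq: x-hasura-default-org
+comment: ""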
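Review bot: The `insert_permissions` checks for `manager` and `supervisor` constrain only the target user's `defaultOrg`; the `role` column is writable with no restriction on its value. As written, a supervisor appears able to insert a row granting any existing role (including `manager`) to any user in their default org, possibly themselves, which is a privilege-escalation path. Consider wrapping each check in `_and` and adding a clause such as `- role: { _in: [<roles this role may grant>] }` (placeholder list, to be filled per role). The `delete_permissions` entries have the same shape, so a supervisor can also remove role rows belonging to higher-privileged users in the same org.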
Expand Up @@ -32,28 +32,6 @@ object_relationships:
using:
foreign_key_constraint_on: user_id
select_permissions:
- role: manager
permission:
columns:
- id
- nickname
- user_id
filter:
user_id:
_eq: x-hasura-user-id
allow_aggregations: true
comment: ""
- role: supervisor
permission:
columns:
- id
- nickname
- user_id
filter:
user_id:
_eq: x-hasura-user-id
allow_aggregations: true
comment: ""
- role: user
permission:
columns:
Expand All @@ -63,20 +41,7 @@ select_permissions:
filter:
user_id:
_eq: x-hasura-user-id
allow_aggregations: true
delete_permissions:
- role: manager
permission:
filter:
user_id:
_eq: x-hasura-auth-elevated
comment: ""
- role: supervisor
permission:
filter:
user_id:
_eq: x-hasura-auth-elevated
comment: ""
- role: user
permission:
filter:
80 changes: 64 additions & 16 deletions nhost/metadata/databases/default/tables/auth_users.yaml
Expand Up @@ -113,6 +113,13 @@ array_relationships:
table:
name: user_security_keys
schema: auth
- name: userOrgRoles
using:
foreign_key_constraint_on:
column: user_id
table:
name: user_org_roles
schema: public
- name: userProviders
using:
foreign_key_constraint_on:
Expand All @@ -126,6 +133,11 @@ computed_fields:
function:
name: user_allowed_orgs
schema: public
- name: defaultOrg
definition:
function:
name: user_default_org
schema: public
select_permissions:
- role: manager
permission:
Expand All @@ -143,16 +155,14 @@ select_permissions:
- last_seen
- locale
- metadata
- new_email
- otp_hash_expires_at
- otp_method_last_used
- phone_number
- phone_number_verified
- ticket
- ticket_expires_at
- updated_at
- webauthn_current_challenge
filter: {}
computed_fields:
- defaultOrg
filter:
defaultOrg:
_in: x-hasura-allowed-orgs
comment: ""
- role: supervisor
permission:
Expand All @@ -170,30 +180,68 @@ select_permissions:
- last_seen
- locale
- metadata
- new_email
- otp_hash_expires_at
- otp_method_last_used
- phone_number
- phone_number_verified
- ticket
- ticket_expires_at
- updated_at
- webauthn_current_challenge
filter: {}
computed_fields:
- defaultOrg
filter:
defaultOrg:
_eq: x-hasura-default-org
comment: ""
- role: user
permission:
columns:
- active_mfa_type
- avatar_url
- created_at
- default_role
- display_name
- email
- email_verified
- id
- is_anonymous
- locale
- metadata
- phone_number
- phone_number_verified
computed_fields:
- defaultOrg
filter:
id:
_eq: x-hasura-user-id
comment: ""
update_permissions:
- role: manager
permission:
columns:
- avatar_url
- default_role
- disabled
- display_name
filter: {}
- email
- locale
- metadata
- phone_number
filter:
defaultOrg:
_in: x-hasura-allowed-orgs
check: null
comment: ""
- role: supervisor
permission:
columns:
- avatar_url
- default_role
- disabled
- display_name
filter: {}
- email
- locale
- metadata
- phone_number
filter:
defaultOrg:
_eq: x-hasura-default-org
check: null
comment: ""
- role: user
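Review bot: In the last hunk, the `update_permissions` entries for `manager` and `supervisor` make `email`, `default_role` and `metadata` writable while keeping `check: null`. A direct write to `email` bypasses the auth service's email-change verification, so a manager could re-point another user's account to an address they control; confirm this is intended or drop `email` from `columns`. With `check` null nothing re-validates the row after the update, and if `user_default_org` derives from a writable column (not visible here) an update could move a user outside the caller's org scope, so repeating the `filter` expression as `check` is the safer default. The `user` entry under `update_permissions` continues outside the hunk.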
Expand Up @@ -11,6 +11,16 @@ configuration:
allowed_email_domains: allowedEmailDomains
allowed_emails: allowedEmails
custom_root_fields: {}
insert_permissions:
- role: manager
permission:
check: {}
columns:
- allowed_email_domains
- allowed_emails
- description
- organization
comment: ""
select_permissions:
- role: manager
permission:
Expand All @@ -29,7 +39,7 @@ select_permissions:
- organization
filter:
organization:
_in: x-hasura-allowed-orgs
_eq: x-hasura-default-org
- role: user
permission:
columns:
Expand All @@ -38,3 +48,35 @@ select_permissions:
filter:
organization:
_in: x-hasura-allowed-orgs
update_permissions:
- role: manager
permission:
columns:
- allowed_email_domains
- allowed_emails
- description
- organization
filter:
organization:
_in: x-hasura-allowed-orgs
check: null
comment: ""
- role: supervisor
permission:
columns:
- allowed_email_domains
- allowed_emails
- description
- organization
filter:
organization:
_eq: x-hasura-default-org
check: null
comment: ""
delete_permissions:
- role: manager
permission:
filter:
organization:
_in: x-hasura-allowed-orgs
comment: ""
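Review bot: The new `insert_permissions` entry for `manager` uses `check: {}`, so a manager can insert a row for any `organization` value with arbitrary `allowed_emails` and `allowed_email_domains`, not only for orgs listed in `x-hasura-allowed-orgs`. The `update_permissions` entries also list `organization` as writable with `check: null`, so the org key itself can be rewritten to a value outside the caller's scope. If these columns decide who may join an org (their use is not visible here), consider `check: { organization: { _in: x-hasura-allowed-orgs } }` on insert where that fits the org-creation flow, repeating each update `filter` as its `check`, and removing `organization` from the update `columns`.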