Skip to content

Commit

Permalink
fix(hasura): add access permissions for storage and security_keys tables
Browse files Browse the repository at this point in the history
  • Loading branch information
@xmlking
xmlking committed Jun 22, 2024
1 parent 2987bc6 commit 61586c3
Show file tree
Hide file tree
Showing 5 changed files with 66 additions and 12 deletions.
11 changes: 11 additions & 0 deletions apps/console/schema.graphql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -276,6 +276,7 @@ type authUserSecurityKeys {

"""An object relationship"""
user: users!
userId: uuid!
}

"""
Expand Down Expand Up @@ -325,12 +326,14 @@ input authUserSecurityKeys_bool_exp {
id: uuid_comparison_exp
nickname: String_comparison_exp
user: users_bool_exp
userId: uuid_comparison_exp
}

"""aggregate max on columns"""
type authUserSecurityKeys_max_fields {
id: uuid
nickname: String
userId: uuid
}

"""
Expand All @@ -339,12 +342,14 @@ order by max() on columns of table "auth.user_security_keys"
input authUserSecurityKeys_max_order_by {
id: order_by
nickname: order_by
userId: order_by
}

"""aggregate min on columns"""
type authUserSecurityKeys_min_fields {
id: uuid
nickname: String
userId: uuid
}

"""
Expand All @@ -353,6 +358,7 @@ order by min() on columns of table "auth.user_security_keys"
input authUserSecurityKeys_min_order_by {
id: order_by
nickname: order_by
userId: order_by
}

"""
Expand All @@ -371,6 +377,7 @@ input authUserSecurityKeys_order_by {
id: order_by
nickname: order_by
user: users_order_by
userId: order_by
}

"""
Expand All @@ -382,6 +389,9 @@ enum authUserSecurityKeys_select_column {

"""column name"""
nickname

"""column name"""
userId
}

"""
Expand All @@ -399,6 +409,7 @@ input authUserSecurityKeys_stream_cursor_input {
input authUserSecurityKeys_stream_cursor_value_input {
id: uuid
nickname: String
userId: uuid
}

scalar citext
Expand Down
2 changes: 1 addition & 1 deletion compose.override.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ services:
console:
## User `cli-migrations-v3` only in local dev env.
## It will automatically apply Migrations and Metadata to a Hasura GraphQL Engine
image: hasura/graphql-engine:v2.39.2-ce.cli-migrations-v3
image: hasura/graphql-engine:v2.40.1-ce.cli-migrations-v3
hostname: console
container_name: console
restart: unless-stopped
Expand Down
12 changes: 6 additions & 6 deletions compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ services:
# traefik proxy
###########################################################################
traefik:
image: traefik:v3.0.1
image: traefik:v3.0.3
hostname: traefik
container_name: traefik
restart: unless-stopped
Expand Down Expand Up @@ -53,7 +53,7 @@ services:
postgres:
image: postgres:16
# image: pgvector/pgvector:pg16
# image: timescale/timescaledb-ha:pg16
# image: timescale/timescaledb-ha:pg16 # no support for Mac ARM yet.
hostname: postgres
container_name: postgres
restart: unless-stopped
Expand Down Expand Up @@ -85,7 +85,7 @@ services:
# hasura service
###########################################################################
graphql:
image: hasura/graphql-engine:v2.39.2-ce
image: hasura/graphql-engine:v2.40.1-ce
hostname: graphql
container_name: graphql
restart: unless-stopped
Expand Down Expand Up @@ -140,7 +140,7 @@ services:
# e.g. ./infra/base/mailpit/certs/ca.pem:/etc/ssl/certs/ca-certificates.crt
###########################################################################
mailpit:
image: axllent/mailpit:v1.18.4
image: axllent/mailpit:v1.18.6
hostname: mailpit
container_name: mailpit
restart: unless-stopped
Expand Down Expand Up @@ -290,7 +290,7 @@ services:
# minio
###########################################################################
minio:
image: bitnami/minio:2024.5.10
image: bitnami/minio:2024.6.13
hostname: minio
container_name: minio
restart: unless-stopped
Expand Down Expand Up @@ -417,7 +417,7 @@ services:
# configserver
###########################################################################
configserver:
image: nhost/cli:v1.18.2
image: nhost/cli:v1.18.3
hostname: configserver
container_name: configserver
restart: unless-stopped
Expand Down
11 changes: 6 additions & 5 deletions nhost/metadata/databases/default/tables/auth_user_security_keys.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ select_permissions:
columns:
- id
- nickname
- user_id
filter:
user_id:
_eq: x-hasura-user-id
Expand All @@ -47,6 +48,7 @@ select_permissions:
columns:
- id
- nickname
- user_id
filter:
user_id:
_eq: x-hasura-user-id
Expand All @@ -57,27 +59,26 @@ select_permissions:
columns:
- id
- nickname
- user_id
filter:
user_id:
_eq: x-hasura-user-id
allow_aggregations: true
comment: ""
delete_permissions:
- role: manager
permission:
filter:
user_id:
_eq: x-hasura-user-id
_eq: x-hasura-auth-elevated
comment: ""
- role: supervisor
permission:
filter:
user_id:
_eq: x-hasura-user-id
_eq: x-hasura-auth-elevated
comment: ""
- role: user
permission:
filter:
user_id:
_eq: x-hasura-user-id
comment: ""
_eq: x-hasura-auth-elevated
42 changes: 42 additions & 0 deletions nhost/metadata/databases/default/tables/storage_files.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,3 +52,45 @@ object_relationships:
- name: bucket
using:
foreign_key_constraint_on: bucket_id
insert_permissions:
- role: user
permission:
check: {}
columns:
- bucket_id
- created_at
- etag
- id
- is_uploaded
- metadata
- mime_type
- name
- size
- updated_at
- uploaded_by_user_id
set:
uploaded_by_user_id: x-hasura-user-id
select_permissions:
- role: user
permission:
columns:
- bucket_id
- created_at
- etag
- id
- is_uploaded
- metadata
- mime_type
- name
- size
- updated_at
- uploaded_by_user_id
filter:
uploaded_by_user_id:
_eq: x-hasura-user-id
delete_permissions:
- role: user
permission:
filter:
uploaded_by_user_id:
_eq: x-hasura-user-id

0 comments on commit 61586c3

Please sign in to comment.