Skip to content

Instantly share code, notes, and snippets.

@GavinRay97
Last active April 12, 2024 18:31
Show Gist options
  • Save GavinRay97/d7b8805078a47e00001e58eb8b1027b9 to your computer and use it in GitHub Desktop.
Save GavinRay97/d7b8805078a47e00001e58eb8b1027b9 to your computer and use it in GitHub Desktop.
Hasura organization permissions

Introduction

This document outlines how to model a common organization-based permission system in Hasura. Let's assume that you have some table structure like the following:

Table Name Columns Foreign Keys
User id, name, email
Organization User id, user_id, organization_id user_id -> user.id, organization_id -> organization.id
Organization id, name

Example Data

Here we have example users, two (John and Jane) belonging to Organization ID 1, and Frank belonging to Organization ID 2:

User Organization User Organization
hasura-org-permissions-user-table hasura-org-permissions-org-user-table hasura-org-permissions-org-table

Relationships

We create the following relationships on our data:

User Organization User Organization
hasura-org-perms-user-relations hasura-org-perms-org-user-relations hasura-org-perm-org-relations

Permissions

And provision the permissions like such:

User Organization User Organization
hasura-org-perm-user-perms hasura-org-perm-org-user-perms hasura-org-permissions-org-perm

Query Results

Now when we query with our X-Hasura-User-Id set as User 1 and 3 respectively, we can see only those users in our own organizations:

User ID 1 (Org 1) User ID 3 (Org 2)
query-as-user-org-1 query-as-user-org-2
@maxcan
Copy link

maxcan commented Jun 23, 2021

@GavinRay97 I think the docs need to clear up how arrays work in permissions. I've also figured this out on my own, but its very unobvious that you can use this:

image

for determining if field of an object of an array matches a variable

@wackyapps
Copy link

Very useful indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment