-
-
Save jgoux/461f5d9f3d717bacf9bcab153e892047 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- this computed field will be used on the table "folders" named "has_access" returning a boolean | |
| -- you can use it in your custom checks in select row permissions on "folders"! | |
| CREATE OR REPLACE FUNCTION user_can_read_folder(folder_row folders, hasura_session json) | |
| RETURNS boolean AS $$ | |
| DECLARE | |
| -- variables! | |
| current_user_id uuid; | |
| BEGIN | |
| -- if, else, loops, queries, recursive calls, other functions, the sky is the limit! | |
| -- get the current user from hasura_session | |
| current_user_id := (VALUES (hasura_session ->> 'x-hasura-user-id'))::uuid; | |
| -- check that the user is a member of the project | |
| IF user_has_project_role(current_user_id, folder_row.project_id, '{"owner","administrator","standard","limited","disabled"}') THEN | |
| -- check that the user has read or write access on the folder | |
| RETURN user_has_folder_access(current_user_id, folder_row.id, '{"write","read"}'); | |
| END IF; | |
| RETURN FALSE; | |
| END | |
| $$ LANGUAGE plpgsql STABLE; |
Nice, but unfortunately it does not work. At least I could not get it to work on Hasura version v2.3.1-cloud.1. Computed fields with more than one argument, even if it's hasura_session, are not made available in the permission setting interface.
If you don't need hasura_session then it's a great solution.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You can now use computed fields in your custom checks (rows select permissions). It opens the door for advanced permission rules using SQL functions receiving the current row and optionally the current session!