Skip to content

Instantly share code, notes, and snippets.

@jgoux
Last active April 22, 2022 13:55
Show Gist options
  • Save jgoux/461f5d9f3d717bacf9bcab153e892047 to your computer and use it in GitHub Desktop.
Save jgoux/461f5d9f3d717bacf9bcab153e892047 to your computer and use it in GitHub Desktop.
-- this computed field will be used on the table "folders" named "has_access" returning a boolean
-- you can use it in your custom checks in select row permissions on "folders"!
CREATE OR REPLACE FUNCTION user_can_read_folder(folder_row folders, hasura_session json)
RETURNS boolean AS $$
DECLARE
-- variables!
current_user_id uuid;
BEGIN
-- if, else, loops, queries, recursive calls, other functions, the sky is the limit!
-- get the current user from hasura_session
current_user_id := (VALUES (hasura_session ->> 'x-hasura-user-id'))::uuid;
-- check that the user is a member of the project
IF user_has_project_role(current_user_id, folder_row.project_id, '{"owner","administrator","standard","limited","disabled"}') THEN
-- check that the user has read or write access on the folder
RETURN user_has_folder_access(current_user_id, folder_row.id, '{"write","read"}');
END IF;
RETURN FALSE;
END
$$ LANGUAGE plpgsql STABLE;
@jgoux
Copy link
Author

jgoux commented Nov 5, 2021

You can now use computed fields in your custom checks (rows select permissions). It opens the door for advanced permission rules using SQL functions receiving the current row and optionally the current session!

@lemes
Copy link

lemes commented Apr 22, 2022

Nice, but unfortunately it does not work. At least I could not get it to work on Hasura version v2.3.1-cloud.1. Computed fields with more than one argument, even if it's hasura_session, are not made available in the permission setting interface.

If you don't need hasura_session then it's a great solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment