@meetzaveri
Last active September 9, 2022 13:04
Issue draft for GH feature request on allowing non-admin role users to access OpenAPI spec 3 RESTified endpoints API

Is your proposal related to a problem?

The OpenAPI 3 specification of the REST endpoints is exposed at /api/swagger/json for the admin role only. We want that API to be exposed to other roles too, so that each role can access a different schema (according to the permission level defined in Hasura).

Let me explain this with an example. I have a book table and an author table. I write a mutation to insert a book and create a RESTified endpoint from it (as an admin).

I create a role named "editor". This editor role may have permission to run the mutation that inserts a book, but nothing else. The admin role, however, can insert the book and also the author through the relationship.

Attaching docs here for reference - https://hasura.io/docs/latest/api-reference/restified/#openapi-3-specification

Currently, you can only pass

X-Hasura-Admin-Secret: <secret>
X-Hasura-Role: admin

If I try to pass a role other than "admin", I get the following error:

{
    "code": "access-denied",
    "error": "You have to be an admin to access this endpoint",
    "path": "$"
}
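As an added example, not part of this draft, here is a small Python script that requests the spec with the headers above for a list of roles and uses the error body shown above to tell a denied role from one that actually received the spec; the Hasura URL and admin secret are placeholders.

```python
# Added example (not from the gist): audit which Hasura roles can fetch the
# RESTified OpenAPI spec. HASURA_URL and ADMIN_SECRET are placeholders; the
# header names, path and error shape are the ones quoted in the draft.
import json
import urllib.error
import urllib.request

SPEC_PATH = "/api/swagger/json"
HASURA_URL = "http://localhost:8080"  # placeholder
ADMIN_SECRET = "<secret>"             # placeholder
# Constructed copy of the error body quoted in the draft.
SAMPLE_DENIED = (b'{"code":"access-denied","error":"You have to be an admin '
                 b'to access this endpoint","path":"$"}')

def build_headers(admin_secret: str, role: str) -> dict:
    """Headers exactly as the draft passes them."""
    return {"X-Hasura-Admin-Secret": admin_secret, "X-Hasura-Role": role}

def classify_body(body: bytes) -> str:
    """'denied' for the access-denied error, 'spec' for an OpenAPI 3 document, else 'other'."""
    try:
        data = json.loads(body)
    except ValueError:
        return "other"
    if not isinstance(data, dict):
        return "other"
    if data.get("code") == "access-denied":
        return "denied"
    if str(data.get("openapi", "")).startswith("3") and "paths" in data:
        return "spec"
    return "other"

def fetch_spec_as_role(base_url: str, admin_secret: str, role: str) -> str:
    """Request the spec as `role`; HTTP errors are classified by body, not status code."""
    req = urllib.request.Request(base_url.rstrip("/") + SPEC_PATH,
                                 headers=build_headers(admin_secret, role))
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_body(resp.read())
    except urllib.error.HTTPError as exc:
        return classify_body(exc.read())

def audit_roles(base_url: str, admin_secret: str, roles: list) -> dict:
    """Map each role to its outcome; with current Hasura only 'admin' should be 'spec'."""
    return {role: fetch_spec_as_role(base_url, admin_secret, role) for role in roles}

if __name__ == "__main__":
    print(audit_roles(HASURA_URL, ADMIN_SECRET, ["admin", "editor"]))
```

Running it against a real instance confirms that today every role except admin maps to "denied", which is the baseline any per-role change to this endpoint should be checked against.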

Describe the solution you'd like

Allow non-admin role users to access this API, which means different roles would receive different schemas.

Non-admin role users could then access that endpoint by passing headers with their role, like this:

X-Hasura-Admin-Secret: <secret>
X-Hasura-Role: editor

Describe alternatives you've considered

--

If the feature is approved, would you be willing to submit a PR?

No, as I am unfamiliar with the codebase.
