Assuming collections as follows… a list of clients… and the ability to connect services to a client:
Client {
services: [Service] @relation(name: "ClientServices")
}
Service {
clients: [Client] @relation(name: "ClientServices")
}
Note: when importing your GraphQL schema this auto-generates a ClientServices collection !!!
So trying to update a client with a new service… ie:
mutation {
updateClient(id: ..., data : {
services: {
connect: ["123", "456"] ## where there are valid service _id's
}
}) { ... }
}
I am getting an insufficient permissions error.
Answering my own question here, to hopefully help others with ABAC and GraphQL, happy to get feedback.
The connect: ... will create entries in that generated ClientServices collection (which manages the many-to-many relationship) so you need to set the create action in your User-defined role. To be careless, set it to true. To actually control the permission, keep in mind what gets created, here is an example of an added service to a client:
### This is what happens in that generated ClientServices collection
{
"ref": Ref(Collection("ClientServices"), "281757184150209036"),
"ts": 1604963440200000,
"data": {
"clientID": Ref(Collection("Client"), "278378920433156621"),
"serviceID": Ref(Collection("Service"), "278378920266433037")
}
}
So on your create action will be receiving an object with the data object similar to the one above. So lets call this object newJoinData :
Lambda(
"newJoinData",
Let(...)
)
Where you can access say the clientID ref with Select(["data", "clientID"], Get(Var("newJoinData")))
If you disconnect a service from a client, then you probably want to update the delete action… I’ll update this post when I know how!