Answering my own question here, to hopefully help others with ABAC and GraphQL, happy to get feedback.
connect: ... will create entries in that generated
ClientServices collection (which manages the many-to-many relationship) so you need to set the
create action in your User-defined role. To be careless, set it to
true. To actually control the permission, keep in mind what gets created, here is an example of an added service to a client:
### This is what happens in that generated ClientServices collection
"ref": Ref(Collection("ClientServices"), "281757184150209036"),
"clientID": Ref(Collection("Client"), "278378920433156621"),
"serviceID": Ref(Collection("Service"), "278378920266433037")
So on your
create action will be receiving an object with the
data object similar to the one above. So lets call this object
Where you can access say the clientID ref with
Select(["data", "clientID"], Get(Var("newJoinData")))
disconnect a service from a client, then you probably want to update the
delete action… I’ll update this post when I know how!