ABAC lambda functions hard to debug when using GraphQL - permissions error

Hi @bengsquared!

From what I can tell, editing relationships is a separate write operation after create. So you need create and write permissions.

Try this:

  privileges: [
    {
      resource: Collection("Recipe"),
      actions: {
        read: Query(
          Lambda(
            "ref",
            Equals(
              Identity(),
              Select(["data", "user"], Get(Var("ref")))
            )
          )
        ),
        write: Query(
          Lambda(
            ["oldData", "newData"],
            And(
              Equals(Identity(), Select(["data", "user"], Var("oldData"))),
              Equals(
                Select(["data", "user"], Var("oldData")),
                Select(["data", "user"], Var("newData"))
              )
            )
          )
        ),
        create: Query(
          Lambda(
            "values",
            Equals(Identity(), Select(["data", "user"], Var("values")))
          )
        )
      }
    }
  ]

You can reference the following topic for some similar discussion.