ABAC lambda functions hard to debug when using GraphQL - permissions error

ptpaterson · July 22, 2020, 12:20am

From what I can tell, editing relationships is a separate write operation after create. So you need create and write permissions.

Try this:

  privileges: [
    {
      resource: Collection("Recipe"),
      actions: {
        read: Query(
          Lambda(
            "ref",
            Equals(
              Identity(),
              Select(["data", "user"], Get(Var("ref")))
            )
          )
        ),
        write: Query(
          Lambda(
            ["oldData", "newData"],
            And(
              Equals(Identity(), Select(["data", "user"], Var("oldData"))),
              Equals(
                Select(["data", "user"], Var("oldData")),
                Select(["data", "user"], Var("newData"))
              )
            )
          )
        ),
        create: Query(
          Lambda(
            "values",
            Equals(Identity(), Select(["data", "user"], Var("values")))
          )
        )
      }
    }
  ]

You can reference the following topic for some similar discussion.

Topic		Replies	Views
RBAC permissions for creating relationships in GraphQL Help graphql	4	990	June 24, 2020
Debug best practices for ABAC functions in GraphQL? Help graphql , fql , best-practices	3	474	January 17, 2023
Display values passed into a lambda Help graphql , fql , authentication	4	640	February 8, 2021
Permission denied when predicate set for collection, but works when boolean true Help fql , authentication	5	1287	May 4, 2021
Running UDF in ABAC Predicate results in Permission Denied Help authentication , abac , logging	7	411	December 23, 2021

ABAC lambda functions hard to debug when using GraphQL - permissions error

Related Topics