I have asked a similar question in here, but have started a new app and want to see what I would need to do to accomplish this, since the initial question is not exactly what I am trying to achieve now.
I have a User collection here is my schema
type User {
email: String!
profile: Profile!
}
type Profile {
user: User!
bio: String
image: String
}
type Query {
allUsers: [User!]
}
I have a session token from fauna from creating a User after logging in with my own auth. I have a role called user with a Membership to User collection. My understanding is this associates the User that was created and the token was given to that user in the DB.
Now I have a allUsers
query I don’t think it is entirely necessary so I can change it to allProfiles and query the profiles.
Now if I give access in the role to the User Collection to Read and Delete, does that mean any User who has a session can read and delete any record in the User collection, or only the session they are in.
I do want them to read any profiles so that I don’t think should be a problem.
The second part would also be writing, creating and deleting for the profile are going to need a predicate. For example the recommended code is
Lambda("values", Equals(Identity(), Select(["data", "owner"], Var("values"))))
is the owner
a value I need to modify the Profile type in schema like
type Profile {
owner: User!
bio: String
image: String
}
Thanks for any help ahead of time
Update:
There is another thing I am struggling with. I do want to query a Users Profile using their ID. This works but I am concerned about introducing these predicates that are looking for the owner field which I am using user so could easily change that, but the predicate to me is looking for the owner or user field on the Profile document but even when I use the @relation in my schema like so
type User {
email: String!
profile: Profile! @relation(name: "user_profile")
}
type Profile {
user: User! @relation(name: "user_profile")
bio: String
image: String
}
type Query {
allProfile: [Profile!]
}
Looking in the DB the profile attribute is added to the User document so I don’t know how the predicate will work see below
You can see in the next screenshot there is no reference back to the User document so how does the predicate know that it is that User that is trying to say delete the profile
For example when I query the allProfile changed from allUsers A allUsers still exists as a possible query which is fine but I don’t want it accessible to the user role or when a User logs in or a User is created. But you can also see here that the user’s email is available in the allProfile query, now I don’t want that type of query to be possible.
query {
allProfile{
data{
image
bio
user{
email
}
}
}
}
However I still want a relation between profile and user where I can run findUserById query and show their profile, so I need the relation where a user has a profile.
query ($id: ID!) {
findUserByID(id: $id) {
email
profile {
image
bio
}
}
}
I had thought if I removed the User declaration from the Profile this would then prevent the allProfile query from have access to the user which is what I want. Still not solving the availability of the allUsers query but we will leave that for now.
So the issue here is now when I go to do a mutation that creates a profile it no longer has the option to connect it to a user.
type Profile {
#user: User! @relation(name: "user_profile")
bio: String
image: String
}
See how when I have a user_profile relation I can create a profile and connect to a user but without I cannot. This does make sense, but this leaves me at a loss as to how I prevent the Profile query being able to see the users email