How to implement field level restriction?
Looks like Fauna doesn't have the ability to do this, is that right?
Fauna does not provide field-level restrictions.
For FQL queries, you could employ ABAC roles to create those, and you could use UDFs to compose return objects based on documents that users should not otherwise be able to access.
For GraphQL, any fields described in the schema are accessible to clients performing queries/mutations. However, you could employ a resolver that replaces fields that should not be accessible with, say, a null value.
How you achieve those depends on what fields you want to restrict, and under what conditions.
I do not completely understand how we can use UDFs.
In the privileges settings I can define functions as:
But this function returns a boolean that opens or closes access. Do we have the ability to return an object from it with only the needed fields of this document?
When I mentioned UDF, I was not referring to an ABAC role predicate.
When a query is authenticated with the secret from a token, there are no implicit permissions except that the query can update the token’s identity document. So, no access is granted to read/write documents, generally.
If you add a role that permits execution of UDFs, you can create a UDF that fetches a document and returns a subset of the document’s fields.
For example, suppose you have a “products” collection that contains documents that look like this:
> Get(Ref(Collection("products"), "201"))
{
  ref: Ref(Collection("products"), "201"),
  ts: 1655827556680000,
  data: {
    name: 'cups',
    description: 'Translucent 9 Oz, 100 ct',
    price: 6.98,
    quantity: 100,
    store: Ref(Collection("stores"), "302"),
    backorderLimit: 5,
    backordered: false
  }
}
You can write a UDF that only returns the name, description, and price fields, like this:
CreateFunction({
  name: 'getProduct',
  body: Query(
    Lambda(
      "ref",
      {
        name: Select(["data", "name"], Get(Var("ref"))),
        description: Select(["data", "description"], Get(Var("ref"))),
        price: Select(["data", "price"], Get(Var("ref"))),
      }
    )
  )
})
Then, you can call the function:
> Call("getProduct", Ref(Collection("products"), "201"))
{ name: 'cups', description: 'Translucent 9 Oz, 100 ct', price: 6.98 }
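The access setup the reply describes, written out as an added example that is not part of the original posts: a token holder may call the projecting UDF but has no read privilege on "products", and the UDF runs under its own least-privilege role. The role names, the function name `getProductPublic`, and the `users` collection for token identities are assumptions.

```fql
// Added example (FQL v4). Names marked "assumed" do not come from the thread.

// 1. Least-privilege role for the UDF itself: read access to "products" only.
CreateRole({
  name: "product_reader",                       // assumed role name
  privileges: [
    { resource: Collection("products"), actions: { read: true } }
  ]
})

// 2. The UDF runs with that role instead of the caller's privileges.
//    Let() fetches the document once; only three fields leave the function.
CreateFunction({
  name: "getProductPublic",                     // assumed function name
  role: Role("product_reader"),
  body: Query(
    Lambda(
      "ref",
      Let(
        { doc: Get(Var("ref")) },
        {
          name: Select(["data", "name"], Var("doc")),
          description: Select(["data", "description"], Var("doc")),
          price: Select(["data", "price"], Var("doc"))
        }
      )
    )
  )
})

// 3. Role for token holders: may call the UDF, holds no privilege on "products".
CreateRole({
  name: "customer",                             // assumed role name
  membership: [{ resource: Collection("users") }],  // assumed identity collection
  privileges: [
    { resource: Function("getProductPublic"), actions: { call: true } }
  ]
})
```

With a token issued for a document in `users`, `Call("getProductPublic", ...)` returns the three fields, while a direct `Get` on the same product ref is refused because the `customer` role grants no read on the collection.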