I have a auth Role, which has a Users collection set as the membership. I create a user and login with fql auth, I recieve a token, and test it in the graphql playground with the Bearer token header set. I can create a document from another collection that is assigned in the priveledges in the auth Role, when the create is checked, but when I assign this function to preven writing to other users data, I get a permission denied error creating the document. What might be the reason for this.
This is the function I am using for the create on the collection lets call it Form
// Only write to your own data but
// only create data to youself.
Lambda("values", Equals(Identity(), Select(["data", "owner"], Var("values"))))
I have tried connecting to the user to see if it would allow me to create the document
mutation{
createForm(data:{name:"Form #1",user:{connect:"292265696650330632"}}){
_id
}
}
Here are all the priveledges
{
ref: Role("Auth"),
ts: 1614986437030000,
name: "Auth",
privileges: [
{
resource: Collection("FormEntryData"),
actions: {
read: Query(
Lambda(
"ref",
Equals(Identity(), Select(["data", "owner"], Get(Var("ref"))))
)
),
write: Query(
Lambda(
["oldData", "newData"],
And(
Equals(Identity(), Select(["data", "owner"], Var("oldData"))),
Equals(
Select(["data", "owner"], Var("oldData")),
Select(["data", "owner"], Var("newData"))
)
)
)
),
create: Query(
Lambda(
"values",
Equals(Identity(), Select(["data", "owner"], Var("values")))
)
),
delete: Query(
Lambda(
"ref",
Equals(Identity(), Select(["data", "owner"], Get(Var("ref"))))
)
),
history_read: false,
history_write: false,
unrestricted_read: false
}
},
{
resource: Collection("Form"),
actions: {
read: Query(
Lambda(
"ref",
Equals(Identity(), Select(["data", "owner"], Get(Var("ref"))))
)
),
write: Query(
Lambda(
["oldData", "newData"],
And(
Equals(Identity(), Select(["data", "owner"], Var("oldData"))),
Equals(
Select(["data", "owner"], Var("oldData")),
Select(["data", "owner"], Var("newData"))
)
)
)
),
create: Query(
Lambda(
"values",
Equals(Identity(), Select(["data", "owner"], Var("values")))
)
),
delete: Query(
Lambda(
"ref",
Equals(Identity(), Select(["data", "owner"], Get(Var("ref"))))
)
),
history_read: false,
history_write: false,
unrestricted_read: false
}
},
{
resource: Collection("User"),
actions: {
read: true,
write: false,
create: false,
delete: false,
history_read: false,
history_write: false,
unrestricted_read: false
}
},
{
resource: Collection("FormInputVal"),
actions: {
read: Query(
Lambda(
"ref",
Equals(Identity(), Select(["data", "owner"], Get(Var("ref"))))
)
),
write: Query(
Lambda(
["oldData", "newData"],
And(
Equals(Identity(), Select(["data", "owner"], Var("oldData"))),
Equals(
Select(["data", "owner"], Var("oldData")),
Select(["data", "owner"], Var("newData"))
)
)
)
),
create: Query(
Lambda(
"values",
Equals(Identity(), Select(["data", "owner"], Var("values")))
)
),
delete: Query(
Lambda(
"ref",
Equals(Identity(), Select(["data", "owner"], Get(Var("ref"))))
)
),
history_read: false,
history_write: false,
unrestricted_read: false
}
},
{
resource: Index("user_by_email"),
actions: {
unrestricted_read: false,
read: true
}
},
{
resource: Index("allForms"),
actions: {
unrestricted_read: false,
read: true
}
},
{
resource: Index("allFormInputVals"),
actions: {
unrestricted_read: false,
read: true
}
},
{
resource: Index("form_by_ID"),
actions: {
unrestricted_read: false,
read: true
}
},
{
resource: Index("formInputVal_owner_by_form"),
actions: {
unrestricted_read: false,
read: true
}
},
{
resource: Index("unique_User_email"),
actions: {
unrestricted_read: false,
read: true
}
},
{
resource: Index("form_user_by_user"),
actions: {
unrestricted_read: false,
read: true
}
}
],
membership: [
{
resource: Collection("User")
}
]
}
Even when I try to use FQL to write with the token provided from loggin in, I get permission denied.
import { query as q } from "faunadb";
import { serverClient } from "../../utils/fauna-auth";
import { authClient } from "../../utils/fauna-auth";
import { getAuthCookie } from "../../utils/auth-cookies";
export default async (req, res) => {
// const { firstName, lastName, telephone, creditCardNumber } = req.body;
const token = getAuthCookie(req);
console.log(token);
const data = req.body.data;
var element = req.body.data;
element["FormID"] = req.body.id;
try {
await authClient(token).query(
q.Create(q.Collection("FormEntryData"), {
data: element,
})
);
res.status(200).end();
} catch (e) {
res.status(500).json({ error: e.message });
}
};
I can provide what other details are needed.
Thanks
UPDATE: so changing the privledge function for create to this works so jsut have to figure out what i need to change for all of them, including where I am using fql, still would like a response on this though.
Lambda("input", Equals(Identity(), Select(["data", "user"], Var("input"))))
UPDATE: So I have the graphql queries working pretty much, but I dont see how to get the fql queries working
this is the priveldge function
Lambda("values", Equals(Identity(), Select(["data"], Var("values"))))
and this is the fql query
import { query as q } from "faunadb";
import { serverClient } from "../../utils/fauna-auth";
import { authClient } from "../../utils/fauna-auth";
import { getAuthCookie } from "../../utils/auth-cookies";
export default async (req, res) => {
// const { firstName, lastName, telephone, creditCardNumber } = req.body;
const token = getAuthCookie(req);
console.log(token);
const data = req.body.data;
var element = req.body.data;
element["FormID"] = req.body.id;
try {
await authClient(token).query(
q.Create(q.Collection("FormEntryData"), {
data: element,
})
);
res.status(200).end();
} catch (e) {
res.status(500).json({ error: e.message });
}
};