Use Singleton using User secret

Hello!

I’ve been trying to use a simple query with a user secret (this query is simplified; I’m actually not using Get/Singleton to get a Ref’s data)!

const response = await fauna.query(
  q.Get(
    q.Singleton(q.Ref(q.Collection('lessons'), '259055206731350528')),
  ),
  { secret },
);

And end up with {"message":"Insufficient privileges to perform the action."}.

If I remove the secret & use the server or admin key, it works fine. Are there any privileges I need to give to the user to Get | Paginate over Singleton? Thanks :wink:

Tokens do not provide any privileges by default, whereas an admin or server key would. Likely, you need to create a role that grants the appropriate privileges to the token being used.

For the query example that you included, the Singleton function isn’t doing anything for you. A specific ref doesn’t need to be turned into a set before Get can be used to fetch the ref’s contents. If you do have a set with multiple items, Get can be used to fetch the first item from the set (first is based on the set’s lexical ordering). For example, Get(Documents(Collection("users"))).
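A role of the kind this answer refers to, covering the collection and indexes named in the thread, could look like the following. This is an added example, not code from the thread or from Fauna: the role name `lesson_reader`, the member collection `users`, and the offline `recorder` stand-in are assumptions; pass `require('faunadb').query` as `q` to build the real expression.

```javascript
// Added example: `q` is injected so the same function works with the real
// driver (require('faunadb').query) or with the offline recorder below.
// Assumed names (not from the thread): role 'lesson_reader', collection 'users'.
function lessonReaderRole(q) {
  const read = { read: true };
  return q.CreateRole({
    name: 'lesson_reader',
    // Tokens issued for documents in this collection inherit the role.
    membership: [{ resource: q.Collection('users') }],
    // Default deny: anything not listed stays forbidden for the token.
    privileges: [
      { resource: q.Collection('lessons'), actions: read },
      { resource: q.Index('lessonsFilterByPublished'), actions: read },
      { resource: q.Index('itemsByLesson'), actions: read },
    ],
  });
}

// Constructed stand-in for the driver's query builder: records each call
// as { fn, args } so the expression can be inspected without a database.
const recorder = new Proxy({}, {
  get: (_, fn) => (...args) => ({ fn, args }),
});

// Lists "Kind:name" for every resource the role grants `action` on.
function grantedResources(roleExpr, action) {
  return roleExpr.args[0].privileges
    .filter(p => p.actions[action] === true)
    .map(p => `${p.resource.fn}:${p.resource.args[0]}`);
}

// Resources a query reads that the role does not cover.
function missingReads(roleExpr, needed) {
  const granted = new Set(grantedResources(roleExpr, 'read'));
  return needed.filter(r => !granted.has(r));
}

// Resources touched by the thread's Paginate/Join query when no id is given.
console.log(missingReads(lessonReaderRole(recorder),
  ['Index:lessonsFilterByPublished', 'Index:itemsByLesson'])); // []
```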

Thanks for your answer @ewan, the user already has privileges to the lessons collection & the used Indexes. The issue is really about Singleton, I will try to show the full example.

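// Either a single lesson (wrapped as a set) or all published lessons.
const match = req.query.id
  ? q.Singleton(q.Ref(q.Collection('lessons'), req.query.id))
  : q.Match(q.Index('lessonsFilterByPublished'), true);

// Join each lesson with the current identity's items for that lesson.
const data = await fauna.query(
  q.Paginate(
    q.Join(
      match,
      lesson => q.Match(q.Index('itemsByLesson'), [q.CurrentIdentity(), lesson]),
    ),
  ),
  { secret },
);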

The match changes depending on whether an id is given or not.
So I’m using Singleton to transform the Ref into a SetRef that Join can consume.

The query itself works if I’m giving the userRef instead of secret + CurrentIdentity().
I ended up showing that even a simple query like:

q.Get(
  q.Singleton(q.Ref(q.Collection('lessons'), '259055206731350528')),
)

was not working with a secret, even if the user has the privilege to read the lessons Collection.

Any idea how to proceed? Thanks


I’ve been able to reproduce the problem, which seems like it might be a bug, or limitation, of Roles interacting with Singleton sets. I’m asking our engineering team about this, and hope to be able to report something useful soon.
