Allow user to edit their own content only in Graphcool permissions
I followed the steps to create an implementation project https://www.graph.cool/ . In the permissions section for the project, I can see and edit the permissions for example. Posts
:
When you click on the line showing what Everyone
can be Edit Data
for the message, a dialog appears. There I can edit the permission so that only registered users can edit posts:
However, how can I create a rule so that users can edit their own posts and not posts created by other users?
source to share
Your question is completely in sync :-) Yesterday, Graphcool released a new advanced permission system based on GraphQL queries that allow you to declare arbitrary permission rules based on relationships in your data.
Restricting UPDATE rights for the owner of a post is a trivial example (code below), but I recommend you take a look at the documentation and start thinking about how this function can help you implement more complex permission rules
Restricting message editing to author
query ($node_id: ID!, $user_id: ID!) {
SomePostExists(filter:{
id: $node_id,
author: {id: $user_id}
})
}
Documentation
https://www.graph.cool/blog/2017-04-25-graphql-permission-queries-oolooch8oh/ https://www.graph.cool/docs/tutorials/authorization-content-management-system-miesho4goo/
source to share