https://github.com/pyramation/graphile-column-select-grants-example
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/pyramation/graphile-column-select-grants-example
- Owner: pyramation
- License: mit
- Created: 2020-09-24T01:48:55.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-09-24T16:53:16.000Z (over 5 years ago)
- Last Synced: 2025-03-13T02:03:51.638Z (over 1 year ago)
- Language: JavaScript
- Size: 18.6 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# graphile-mutation-example
example for
https://github.com/pyramation/graphile-column-privileges-mutations
## seed db
```sh
createdb mutation_example
psql mutation_example < roles.sql
psql mutation_example < user.sql
psql mutation_example < schema.sql
```
## run server
```sh
yarn && yarn run app_user
```
## open explorer
open http://localhost:5678/graphiql
Example of creating a user
```gql
mutation CreateUserMutation {
  createUser(
    input: {
      user: {
        email: "pyramation@example.com"
        username: "pyramation"
        password: "password"
      }
    }
  ) {
    user {
      id
      username
      email
    }
  }
}
```
which returns happily
```json
{
  "data": {
    "createUser": {
      "user": {
        "id": 5,
        "username": "pyramation",
        "email": "pyramation@example.com"
      }
    }
  }
}
```
Now query a field that you are not permitted to read (`password`):
```gql
mutation CreateUserMutation {
  createUser(
    input: {
      user: {
        email: "pyramation@example.com"
        username: "pyramation"
        password: "password"
      }
    }
  ) {
    user {
      id
      username
      email
      password
    }
  }
}
```
and you get a permission denied error
```json
{
  "errors": [
    {
      "message": "permission denied for table users",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "createUser"
      ]
    }
  ],
  "data": {
    "createUser": null
  }
}
```
## notes
You must run as the `app_user` for the column privileges to take effect. Otherwise you end up running as the postgres user or as the owner of the table, who has privileges by default and will therefore bypass the column grants.
```sh
yarn run app_user
```
If for some reason you want to use an admin user, we've included this for testing purposes:
```sh
yarn run admin_user
```
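
The PostgreSQL behaviour behind the two responses and the note above, as an added example that is not code from this repository (its `roles.sql` and `schema.sql` are not shown on this page). The schema `demo`, the role `demo_app_user` and the inserted values are constructed for illustration; the column names follow the mutation above. Run it as a superuser in a scratch database.

```sql
-- Constructed demo objects, isolated in their own schema.
CREATE ROLE demo_app_user NOLOGIN;
CREATE SCHEMA demo;
CREATE TABLE demo.users (
  id       serial PRIMARY KEY,
  email    text NOT NULL,
  username text NOT NULL,
  password text NOT NULL
);

GRANT USAGE ON SCHEMA demo TO demo_app_user;
GRANT USAGE ON SEQUENCE demo.users_id_seq TO demo_app_user;

-- Column-level grants: password may be written but never read back.
GRANT INSERT (email, username, password) ON demo.users TO demo_app_user;
GRANT SELECT (id, username, email)       ON demo.users TO demo_app_user;

-- Audit the effective column privileges before relying on them.
SELECT has_column_privilege('demo_app_user', 'demo.users', 'email',    'SELECT') AS can_read_email,
       has_column_privilege('demo_app_user', 'demo.users', 'password', 'SELECT') AS can_read_password;

SET ROLE demo_app_user;

-- Allowed: every column named in RETURNING is covered by the SELECT grant.
INSERT INTO demo.users (email, username, password)
VALUES ('user@example.com', 'user', 'constructed-value')
RETURNING id, username, email;

-- Rejected: RETURNING requires SELECT on each column it names,
-- and password is not part of the SELECT grant.
INSERT INTO demo.users (email, username, password)
VALUES ('user2@example.com', 'user2', 'constructed-value')
RETURNING id, username, email, password;

RESET ROLE;

-- The table owner and superusers are not limited by the column grants,
-- which is why the server has to connect as the restricted role.
SELECT id, username, password FROM demo.users;

-- Cleanup.
DROP SCHEMA demo CASCADE;
DROP ROLE demo_app_user;
```

When fed to `psql` with its default settings, the rejected statement reports its error and the script continues with the remaining statements.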