Auth rules seem to fail when using multiple queries in and / or construct

Hi!

I have recently encountered a problem when playing around with Auth Rules for queries. I was strongly following Dgraph’s own tutorial but I could not reproduce their expected results.

Consider the following schema:

Schema

type TestAuth @auth(
  query:
    { or: [
      { rule: "{ $userType: { eq: \"DEAN\" } }" }
      {and : [
        { rule: "{ $userType: { eq: \"STAFF\" } }" }
        { rule: """
        query{
          queryTestAuth(filter:{not: {type: {eq: DEAN}}}){
            id
          }
        }
        """ }
      ]}
      { rule: """
      query{
        queryTestAuth(filter:{not: {type: {in: [DEAN,STAFF]}}}){
          id
        }
      }
      """ }
    ]}
){
  id: ID!
  name: String
  type: TestAuthType @search
}

enum TestAuthType {
  STUDENT
  STAFF
  DEAN
}

Expected Results

  1. If userType === 'DEAN' => show ALL results
  2. If userType === 'STAFF' => show all but DEAN
  3. Else => show all but DEAN and STAFF

Actual Results

  1. OK > if DEAN I get all entries
  2. OK > if STAFF I get all but DEAN
  3. FAIL > it still shows all but DEAN

It seems like the problem appears when using more than one query within the auth rules. If I remove one of the the queries, the either case works correctly!

This problem is fixed with the latest update

v21.03.0-92-g0c9f60156

1 Like