Hi!
I have recently encountered a problem when playing around with Auth Rules for queries. I was strongly following Dgraph’s own tutorial but I could not reproduce their expected results.
Consider the following schema:
Schema
type TestAuth @auth(
query:
{ or: [
{ rule: "{ $userType: { eq: \"DEAN\" } }" }
{and : [
{ rule: "{ $userType: { eq: \"STAFF\" } }" }
{ rule: """
query{
queryTestAuth(filter:{not: {type: {eq: DEAN}}}){
id
}
}
""" }
]}
{ rule: """
query{
queryTestAuth(filter:{not: {type: {in: [DEAN,STAFF]}}}){
id
}
}
""" }
]}
){
id: ID!
name: String
type: TestAuthType @search
}
enum TestAuthType {
STUDENT
STAFF
DEAN
}
Expected Results
- If
userType === 'DEAN'=> show ALL results - If
userType === 'STAFF'=> show all but DEAN - Else => show all but DEAN and STAFF
Actual Results
-
OK > if
DEANI get all entries -
OK > if
STAFFI get all butDEAN - FAIL > it still shows all but DEAN
It seems like the problem appears when using more than one query within the auth rules. If I remove one of the the queries, the either case works correctly!