Hi there,
I have the following schema in Dgraph:

```graphql
type Todo {
  id: ID!
  text: String! @search(by: [term])
  owner: String!
}
```
I wanted to implement Role-Based Access Control (RBAC) using the JWT token. My sample JWT token with roles looks like this:

```json
{
  "http://abc.xyz.com//roles": [
    "admin",
    "superadmin"
  ],
  "nickname": "abc",
  "name": "abc@gmail.com",
  "picture": "",
  "updated_at": "2020-09-08T12:59:14.801Z",
  "email": "abc@gmail.com",
  "email_verified": false,
  "iss": "https://xxx.us.auth0.com/"
}
```
I know that I have to use the @auth directive in the schema to implement the authorization. In case my claim contains an "isAdmin": "true" claim, I can write @auth in the format below:

```graphql
type Todo @auth(
  delete: { rule: "{$isAdmin: { eq: \"true\" } }" },
) {
  id: ID!
  text: String! @search(by: [term])
  owner: String!
}
```
But in the JWT sample given above, the roles are in array format. My requirement is to allow delete only if the user role is "admin" or "superadmin". My question is how I write the @auth directive to check whether, in the above JWT, the claim "http://abc.xyz.com//roles" contains "admin" or "superadmin". Maybe I need to write the rule using the "in" operator, but I don't know how to do it. Can anybody help me write the @auth directive for my requirement? Thanks in advance.
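To make the intended semantics of the delete rule concrete, here is an added stand-alone example (not Dgraph code and not part of the original post) that does what the database would have to do: verify the token's signature and issuer first, then apply an "in" check over the array-valued roles claim from the sample token. The HS256 shared secret and the minted tokens are constructed for the example; Auth0 normally signs with RS256, so only the rule-evaluation part carries over.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed values for this example; not a real key or real tokens.
HMAC_SECRET = b"example-shared-secret"          # assumed HS256 verification key
ROLE_CLAIM = "http://abc.xyz.com//roles"        # claim key from the sample JWT
EXPECTED_ISSUER = "https://xxx.us.auth0.com/"   # "iss" from the sample JWT
DELETE_RULE = {"claim": ROLE_CLAIM, "in": ["admin", "superadmin"]}

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_token(claims: dict, secret: bytes) -> str:
    """Build an HS256 JWT so the example runs offline (test token, not Auth0's)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verified_claims(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims only if alg, signature and issuer all check out."""
    try:
        header, payload, sig = token.split(".")
        hdr = json.loads(_b64url_decode(header))
        if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
            return None                 # reject "none" and algorithm confusion
        expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None                 # tampered payload or wrong key
        claims = json.loads(_b64url_decode(payload))
    except ValueError:                  # wrong part count, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("iss") != EXPECTED_ISSUER:
        return None
    return claims

def rule_allows(claims: dict, rule: dict) -> bool:
    """'in' over an array claim: allow if any role in the array is in the allowed set."""
    value = claims.get(rule["claim"])
    roles = value if isinstance(value, list) else [value]   # tolerate a scalar claim
    return any(r in rule["in"] for r in roles if isinstance(r, str))

def may_delete(token: str, secret: bytes = HMAC_SECRET) -> bool:
    claims = verified_claims(token, secret)
    return claims is not None and rule_allows(claims, DELETE_RULE)
```

Roles are only read after the signature and issuer checks pass, so a client cannot grant itself "admin" by editing the unsigned payload.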