When updating a parent item to add a new child item and the JWT is provided but does not pass the RBAC auth rule, a null payload is responded, If the JWT is not provided an object is returned with the numUids = 0 as expected.
Schema is similar to:
type Contact @auth(
add: { or: [
{ rule: "{$USERROLE: { eq: \"USER\"}}" }
{ rule: "{$USERROLE: { eq: \"ADMINISTRATOR\"}}" }
]}
) {
id: ID!
hasNotes: [Note]
}
type Note @auth(
add: { rule: "{$USERROLE: { eq: \"ADMINISTRATOR\"}}" }
) {
id: ID!
note: String!
}
Mutation is similar to:
mutation addNote {
updateContact(input: {
filter: { id: ["0x5"]}
set: {
hasNotes: [{
note: "Just a sample note..."
}]
}
}) {
numUids
}
}
If I run the mutation without a JWT it returns similar to:
{
"data": {
"updateContact": {
"numUids": 0,
"contact": []
}
},
// ...
}
If I run the mutation with a JWT with USERROLE = USER it returns:
{
"data": {
"updateContact": null
},
// ...
}
I am expecting both returns to contain an object with the numUids = 0.