Setup todos table permissions

Head over to the Permissions tab under todos table to add relevant permissions.

Insert permission

• In the enter new role textbox, type in “user”
• Click on edit (pencil) icon for “insert” permissions. This would open up a section below, which lets you configure custom checks and allow columns.
• In the custom check, choose the following condition

{"user_id":{"_eq":"X-Hasura-User-Id"}}

Now under column insert permissions, select the title and is_public columns.

Finally under column presets, select user_id from from session variable mapping to X-HASURA-USER-ID.

Note: Session variables are key-value pairs returned from the authentication service for each request. When a user makes a request, the session token maps to a USER-ID. This USER-ID can be used in permission to show that inserts into a table are only allowed if the user_id column has a value equal to that of USER-ID, the session variable.

Click on Save Permissions.

Select permission

Now click on edit icon for "select" permissions. In the custom check, choose the following condition

{"_or":[{"is_public":{"_eq":true}},{"user_id":{"_eq":"X-Hasura-User-Id"}}]}

Under column select permissions, select all the columns.

Click on Save Permissions

Update permission

Now click on edit icon for "update" permissions. In the pre-update custom check, choose With same custom checks as insert.

And under column update permissions, select the is_completed column.

Click on Save Permissions once done.

Delete permission

Finally for delete permission, under custom check, choose With same custom checks as insert, update.

Click on Save Permissions and you are done with access control for todos table.

Get Started with GraphQL Now

Hasura Cloud gives you a fully managed, production ready GraphQL API as a service to help you build modern apps faster.

Try Hasura Cloud for Free