Setup todos table permissions

Head over to the Permissions tab under todos table to add relevant permissions.

Insert permission

  • In the enter new role textbox, type in “user”
  • click on edit (pencil) icon for “insert” permissions. This would open up a section below which lets you configure custom checks and allow columns.
  • In the custom check, choose the following condition
{"user_id":{"_eq":"X-Hasura-User-Id"}}

Todos row permission insert

Now under column insert permissions, select the title and is_public columns.

Todos insert column permission

Finally under column presets, select user_id from from session variable mapping to X-HASURA-USER-ID.

Note: Session variables are key-value pairs returned from the authentication service for each request. When a user makes a request, the session token maps to a USER-ID. This USER-ID can be used in a permission to show that inserts into a table are only allowed if the user_id column has a value equal to that of USER-ID, the session variable.

Click on Save Permissions.

Select permission

Now click on edit icon for "select" permissions. In the custom check, choose the following condition

{"_or":[{"is_public":{"_eq":true}},{"user_id":{"_eq":"X-Hasura-User-Id"}}]}

Todos select permission row

Under column select permissions, select all the columns.

Todos select column permission

Click on Save Permissions

Update permission

Now click on edit icon for "update" permissions. In the custom check, choose With same custom checks as insert.

And under column update permissions, select the is_completed column.

Todos update permission

Click on Save Permissions once done.

Delete permission

Finally for delete permission, under custom check, choose With same custom checks as insert, update.

Todos delete permission

Click on Save Permissions and you are done with access control for todos table.