profile
viewpoint
Almas Sapargali almassapargali Silkway Labs Kazakhstan almassapargali.com

almassapargali/LocationPicker 212

iOS location picker view controller

almassapargali/PhoenixWebSocket 15

Swift framework for working with websockets on Phoenix

almassapargali/admin-on-rest 0

A frontend framework for building admin SPAs on top of REST services, using React

almassapargali/Alamofire 0

Elegant HTTP Networking in Swift

almassapargali/alexander 0

An extremely simple JSON helper written in Swift.

almassapargali/almassapargali.github.io 0

Source code of http://almassapargali.com

almassapargali/AndroidGitApp 0

My first android app. Which use GitAPI

almassapargali/axios 0

Promise based HTTP client for the browser and node.js

almassapargali/betterspecs 0

RSpec Best Practices

almassapargali/CocoaLumberjack 0

A fast & simple, yet powerful & flexible logging framework for Mac and iOS

issue openedhasura/graphql-engine

Permission conditions based on session variables

We're using hasura as a backend engine for an application with some kind of role based access control. We can't have a fixed set of roles, and each merchant can define their own set of roles with access restrictions based on their business structure. This requires us to have permission checks like this in most of our tables:

Screen Shot 2020-06-03 at 11 52 49

This makes both of our permission conditions, and generated SQL more complex, which in turn affects performance negatively.

It would be great if we could add conditions based on our auth values. For example, let's say our auth endpoint returns:

{
  x-hasura-merchant-id: 12,
  x-hasura-user-id: 5,
  x-hasura-location-ids: [56, 72],
  x-hasura-is-owner: true,
  x-hasura-access-list: [access_menu, access_stats]
}

We'd like to be able to add conditions like

{
  _session_var_check: {
    variable: "x-hasura-is-owner",
    value: {
      _eq: true
    }
}

or

{
  _session_var_check: {
    variable: "x-hasura-access-list",
    value: {
      _contains: "access_stats"
    }
}

Then hasura engine would check session variables first, and if they pass build simpler SQL queries.

created time in a month

startediamkun/dayjs

started time in 2 months

more