I have a schema in graphcool with these nodes (not sure what the correct term is here... leaf? node? model? type??)
type User @model {
auth0UserId: String @isUnique
createdAt: DateTime!
id: ID! @isUnique
userIdentifier: String
bundleIdentifier: String
updatedAt: DateTime!
devices: [Device!]! @relation(name: "UserOnDevice")
tokens: [Token!]! @relation(name: "TokenOnUser")
}
type Device @model {
id: ID! @isUnique
deviceIdentifier: String!
users: [User!]! @relation(name: "UserOnDevice")
token: Token @relation(name: "DeviceOnToken")
}
I'd like to make it so that a user must be authenticated and be related to the device data to be able to query on it. So, for a query like:
query($deviceIdentifier: String!) {
device(deviceIdentifier: $deviceIdentifier) {
id
}
}
This should return null
unless they are autthenticated and are a user in the specified relation. I was thinking I needed a permission query like this one:
query ($node_id: ID!, $user_id: ID!) {
SomeDeviceExists(filter: {
id: $node_id,
users: {
id: $user_id
}
})
}
But it turns out that is invalid. How do I do it?
query ($node_id: ID!, $user_id: ID!) {
SomeDeviceExists(filter: {
id: $node_id,
users_some: {
id: $user_id
}
})
}
but this does require submitting the user_id in the request.