Custom resolver __isLoggedInCompany

nzaleski · November 12, 2020, 5:11pm

I am trying to create a custom resolver that I could then use in the customer role filters.

A little context might help make things clear (and maybe there is an alternate way of doing this)

We are using a Users a individual user, but we have the concept of a company where multiple users could be part of that company.

I am trying to create different roles, for instance User and User-Main. While User would only be able to view their “Saved Carts” a User-Main would be able to view all the “Saved Carts” that belong to their company.

After reading around a little, I think a good solution might be to create a custom resolver. Then inside to custom rules I could use

{
    "company":  {
        "equals": "__isLoggedInCompany"
   }
}

Is this a good approach, and am I able to create a variable like __isLoggedInUse ? Is there something easier that I am missing?

Thanks

sebastian.scholl · November 19, 2020, 5:18pm

Hey @nzaleski! Think of it this way.

Instead of trying to do a __isLoggedInCompany variable (which we don’t support), you have access to the following variables:

• __requestingApiToken - The API Token being used to authenticate the request.

• __loggedInUserEmail - The authenticated users email address.

• __loggedInUserId - The authenticated users ID.

Since this role would be in relation to the Carts table (assuming for saved carts), you could specify a filter like so:

{
  "createdBy": {
    "company": {
      "users": {
        "some": {
          "id": {
            "equals": "__loggedInUserId"
          }
        }
      }
    }
  }
}

Essentially, we’re saying “the Cart was createdBy (User) who belongs to Company, and of that Companies users the logged in user is one of them”.

Also, an alias for the whole id -> equals -> -_loggedInUser is:

{
  is_self: true
}

Hope this helps!

nzaleski · December 1, 2020, 1:18pm

@sebastian.scholl, yes that helps. I was able to implement this. Thanks!