Resolver Role Permissions

What’s your idea?

Please add Role Permissions to resolvers.

What problem might it solve?

I just spent a while setting up a resolver that was meant to be used by my “GUEST” role. Sadly after setting everything up and testing. I got a permissions error which is fine.

I then went to 8base Roles page, to configure my Guest role to have access to run this resolver, but was surprised to find that there’s seemingly no way to allow GUEST roles to do this (or disallow other roles from doing it).

This would allow and disallow certain roles from invoking certain resolvers.

The example where I needed it was as follows:

I have an email list in my 8base database, each email can be subscribed to multiple different lists. I don’t want my Guest Role to have access to READ all of my email list.

the “Email” field in my list is unique (I don’t want multiple records of the same email)

So I wanted to create a Resolver to either add a new list to an existing email or create a new record if needed. To do this it needs to do a check if the email already exists in the database, if it does, update it, else create a new one.

Since Guests currently cannot execute Resolver functions. I’m forced to add FULL read access to my email list and do this logic on the frontend :frowning: I did try setting it the perms to “User created Fields” instead of “FULL ACCESS” But that also doesn’t work for Guests.

Either way, this is something I’d prefer to do in a Resolver so the end-user doesn’t have to fire multiple requests just to sign up to a newsletter.

Any ideas on how you think it could/should work?

Use the current Role system & add a section for Resolver permissions.

Hey Mark - just go to the Api tab of your Guest role.

Just check the resolver checkbox to make it available.

Then, inside the resolver, if you need to read the email list you can make a query using the checkPermission: false option like:

ctx.api.gqlRequest(QUERY, VARIABLES, { checkPermissions: false })

1 Like

@sebastian.scholl Thank you! Did not know you could do that :smiley: