Issue Description: What’s happening?
We are developing a multi tenant application where a user receives notifications depending on the tenant he is in, the database looks like this:
User field | Type |
---|---|
id | ID |
agencies | Table(UsersInAgency) |
… |
Agency field | Type |
---|---|
id | ID |
users | Table(UsersInAgency) |
… |
UsersInAgency field | Type |
---|---|
user | Table(User) |
agency | Table(Agency) |
… |
Notification field | Type |
---|---|
user | Table(User) |
agency | Table(Agency) |
description | String |
read | Boolean |
The app has a dropdown to show the list of notifications and a button to mark them all as read, which executes a query like this
mutation {
notificationUpdateByFilter(data: { read: { set: true } }, filter: {
agency: { id: { equals: "<agency-id>" } },
user: { id: { equals: "<user-id>" } },
read: { equals: false },
}) {
...
}
The mutation works fine when run without permissions, the problem happens when update permissions are customized on the Notification table. This is the configuration we currently have:
update: {
allow: true,
filter: {
agency: {
users: { some: { user: { id: { equals: "__loggedInUserId" } } } },
},
},
},
With this permissions config the mutation returns a response like this:
{
"data": {
"notificationUpdateByFilter": {
"count": 0,
"items": []
}
}
}
If i hardcode the id of the user in the “__loggedInUserId” variable the mutation works fine.
Also updates on a single Notification (notificationUpdate) works as expected.
Reproduce the Issue: What steps can someone take to replicate the problem?
- Create a database structure like the one above
- Assign custom update permissions as above
- Try to updateByFilter on the entity with the permissions previously configured
Expected Behavior: What did you expect to happen?
Update all available records
Actual Behavior: What actually happened?
Nothing