Update by filter not working with permissions

Issue Description: What’s happening?

We are developing a multi tenant application where a user receives notifications depending on the tenant he is in, the database looks like this:

User field Type
id ID
agencies Table(UsersInAgency)
Agency field Type
id ID
users Table(UsersInAgency)
UsersInAgency field Type
user Table(User)
agency Table(Agency)
Notification field Type
user Table(User)
agency Table(Agency)
description String
read Boolean

The app has a dropdown to show the list of notifications and a button to mark them all as read, which executes a query like this

mutation {
    notificationUpdateByFilter(data: { read: { set: true } }, filter: {
        agency: { id: { equals: "<agency-id>" } },
        user: { id: { equals: "<user-id>" } },
        read: { equals: false },
    }) {

The mutation works fine when run without permissions, the problem happens when update permissions are customized on the Notification table. This is the configuration we currently have:

update: {
    allow: true,
    filter: {
      agency: {
        users: { some: { user: { id: { equals: "__loggedInUserId" } } } },

With this permissions config the mutation returns a response like this:

    "data": {
        "notificationUpdateByFilter": {
            "count": 0,
            "items": []

If i hardcode the id of the user in the “__loggedInUserId” variable the mutation works fine.
Also updates on a single Notification (notificationUpdate) works as expected.

Reproduce the Issue: What steps can someone take to replicate the problem?

  1. Create a database structure like the one above
  2. Assign custom update permissions as above
  3. Try to updateByFilter on the entity with the permissions previously configured

Expected Behavior: What did you expect to happen?

Update all available records

Actual Behavior: What actually happened?


Thanks for the report.
We’ve found the problem. Working on a fix. Planning to release update on Monday