Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Args in list access functions #419

Open
SavelevMatthew opened this issue Feb 26, 2024 · 0 comments
Open

Args in list access functions #419

SavelevMatthew opened this issue Feb 26, 2024 · 0 comments

Comments

@SavelevMatthew
Copy link

Good afternoon. I'm using keystone in a work project and I've come across the following need: I want to prevent a part of users from filtering a particular field. For example, I want to prohibit a query of the form:

{
    _allUsersMeta(where: { phone_in: ["xxx", "yyy", "zzz"] })
}

The most logical way, in my opinion, is to modify the access function like this:

{
    fields: {}
    access: {
        read: async ({ authentication: { item: user } } }) {
            if (!user) return false
            if (user.isAdmin) return true
            // Else parse args here
        }
    }
}

The problem is that now ListCRUDProvider Keystone does not pass query arguments to access functions, unlike CustomProvider:

keystone-5/packages/keystone/lib/ListTypes/list.js

Line 486 in ee00f7f

const access = await this.checkListAccess(context, undefined, 'read', { gqlName });

My question is why are the arguments not passed to the access function? Is this a conscious decision or an oversight? And if there is no contradiction, can I help with the implementation?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SavelevMatthew