I'm new to GraphQL and Amplify, and I basically want to accomplish this from the cli:
type User #model {
id: ID!
follows: [User]
}
So a user can follow other users, and I want to be able to add users to follow to a user, get a list of the users a user follows, and also list all the users who follows a specific user. I would guess this quite basic setup shuold be possible quite easily from the cli as I have been able to setup other such relations (but between different types), however, this (maybe naive) schema does not give me the mutations and queries I would like when running amplify push api.
What is the best way to accomplish what I want?
Related
I'm fairly new to Amplify and been playing around with it for a couple of weeks now. I've been incorporating it into Next.js, which is pretty nice.
I originally created a new User table/record using lambda function: after a user signs up and confirms their email, it should automatically create a new record in the User table with some information. I only did this because I thought Amplify only provided a few attributes, but until recently I found out that you can pretty much create custom attributes.
So, because of this, would there be an argument to create another User table? I would like to know how people are handling User information in big applications.
I guess one thing I can think of is making relationships with other tables. I haven't gone too far into figuring this out, but is it possible to still make connections if I don't have User table in my graphql schema?
Yes I have the same issue and was thinking to have a Users table where I enable owner authorization. This Owner-based authorization allows you to tie a data record to a user. Owners can read, create, update, and delete the record.
Allow the owner to perform these operations on their own records:
Create
Read
Update
Delete
I want to build an admin tool based on a Hasura backend.
Different users will have different level of access based on roles.
Will I be able to do introspection per role and therefore know which fields (from queries) and buttons (for mutations) to show?
After clarification from OP it became possible to answer this question.
Yes. Hasura generates different schema for different roles.
How to check them?
A. Permissions summary
Go in hasura console to https://[hasura address]/console/data/schema/public/permissions
You will see something similar to:
Note here:
admin role has access to all registered objects and all fields
other roles have access to different sets of objects and different set of fields with different row security checks.
B. Hasura API Explorer
Go to: https://[your hasura]/console/api-explorer.
Set x-hasura-role in Request Headers:
Try to do queries and mutations.
You'll see that sets of objects and fields are different for different roles.
C. Allowed List
If you activated Allowed List (which is recommended for production)
(and if graphql inspection query is not in your Allowed List )
then graphql inspection will be disabled for all roles except admin:
For those who are interested in enabling introspection query - check https://github.com/hasura/graphql-engine/blob/master/server/src-rsr/introspection.json
Cannot find anywhere on Google Identity Platform docs that clearly describe whether it's possible to assign a single user to multiple tenants. see https://cloud.google.com/identity-platform/docs/multi-tenancy-managing-tenants
My project needs the capability to have a single user be able to login to multiple, separate tenants. Currently, I have to create a new user on every tenant I want to be able to login to. This is not good because each new user I create has a different uid and separate password management. For a single user, I want to be able to maintain the same uid across tenants so the associated user data can be consistent as well.
I was thinking there would be some way to create a user at the project level (not tenant level) and then assign that user to specific tenants?
Some random thoughts: The docs say some things about migrating users between tenants, perhaps that is one way. Also was thinking that creating a tenant user with my existing project-level uid would somehow merge them so the uid and password management is the same?
Edit: I found this conceptual discussion to be helpful: https://softwareengineering.stackexchange.com/questions/403274/multitenancy-with-cross-tenant-users
what I gathered from that link is that SSO is separate from multi-tenancy. So I'm trying to figure out an SSO solution on top of multi-tenancy google idp. Any code solutions/suggestions for how to add SSO on top of multi-tenant google identity platform?
If you need the same user across tenants maybe you should instead rely on the user email, custom claims, federated ID (eg. user.providerData[0].uid). When you get an ID token for the user you have access to this same information regardless of the tenant or user.uid.
I am building a social network web site. In my social network user can set access permission for their own post. For example like facebook, they can set permission only friends, only me, public, custom. I am using the Algolia search engine to filter the posts for the user. When a user creates a post, I will save the post with the permission field which is public or friends and other. If it's friends I will add his/her friends ids in another filed named accessList.
Post {
id: 'postId1334'
text: 'This is a test'
permission: 'Friends'
accessList: ['userId1', 'userId123', 'userId2341', 'userId13455']
}
When a user opens the timeline I will query with the filter= permission: Public OR accessList: currentUserId which means find the posts which have ``public permissionor current user identifier includes the postaccess list`.
Everything working well until we have changed in user friend list. If the user removes or adds a new user to his/her friend list they can see or not see some posts which saved with the permission of Only Friends. For this case, any change on user friend list I have to update all user posts accessList adapt with new friend list.
Is there another way to set permission for user access posts?
Or I need to use another kind of data structure?
Or maybe I need to change my query filter?
I do not see any need for change in the data structure. Because Algolia is schemaless, the structure you describe is how you will replicate the "association" between Post and access list Users.
I'm designing an app that counts on accessing multiple API's that need the certain users credentials which are provided when a user allows access via OAuth. I'm new to designing programs like this and I'm trying to wrap my head around the easiest way to do this. Here is what I was thinking:
During the Oauth process I specify the callback url (lets call it A)
Create a POST route for url A that points to a function in the user controller
That function then parses the JSON data with the API Key+Secret, hashes the data, and stores it in a column of the user table.
Would this be the best way to go about this?
One thing I'll say is don't tie these directly to your users. Sometimes users may want to authorize multiple accounts, and sometimes multiple users may authorize the same account. Since you can only have one active refresh token per oauth account, these creds should be kept in a separate table and then linked with a many-to-many for flexibility