Found on v20.11.2 Schema: type Foo @auth( add: { rule: "{$ROLE: { eq: \"ADMIN\" }}" } delete: { rule: "{$ROLE: { eq: \"ADMIN\" }}" } update: { rule: "{$ROLE: { eq: \"ADMIN\" }}" } ) { id: String! @id blas: [Bla!]! @hasInverse(field: foo) } type Bla { foo: Foo } # Dgraph.Aut…

[Bug] Auth rules of parent not respected when child with `hasInverse` is added

maaft March 5, 2021, 9:44am 2

Could anyone reproduce this?

It’s a security issue!

Topic		Replies	Views
[Bug] @auth on interface does not respect or-rules GraphQL status:accepted , kind:bug , ticket:created	4	711	February 8, 2021
Can't Update Node to Create Edge Due to Auth Rules GraphQL mutation , auth	1	616	March 5, 2021
Why my authorization rules can't work Dgraph	26	1649	August 26, 2022
Feature Request: Update After @auth Validation GraphQL kind:enhancement , kind:feature	30	4364	December 5, 2021
Auth rule fails to filter on field in type GraphQL kind:question	2	562	March 27, 2021