Found on v20.11.2 Schema: type Foo @auth( add: { rule: "{$ROLE: { eq: \"ADMIN\" }}" } delete: { rule: "{$ROLE: { eq: \"ADMIN\" }}" } update: { rule: "{$ROLE: { eq: \"ADMIN\" }}" } ) { id: String! @id blas: [Bla!]! @hasInverse(field: foo) } type Bla { foo: Foo } # Dgraph.Aut…

[Bug] Auth rules of parent not respected when child with `hasInverse` is added

amaster507 (Anthony Master) December 5, 2021, 11:13pm 8

I would say this “bug” should not be fixed until field level auth is developed or else it will break normal operation for many many users!

2 Likes

Topic		Replies	Views
[Bug] @auth on interface does not respect or-rules GraphQL status:accepted , kind:bug , ticket:created	4	711	February 8, 2021
Can't Update Node to Create Edge Due to Auth Rules GraphQL mutation , auth	1	616	March 5, 2021
Why my authorization rules can't work Dgraph	26	1649	August 26, 2022
Feature Request: Update After @auth Validation GraphQL kind:enhancement , kind:feature	30	4364	December 5, 2021
Auth rule fails to filter on field in type GraphQL kind:question	2	562	March 27, 2021