Configuration basique des rôles en mode 'dev'

backend/config/dev.yml

@@ -1,9 +1,9 @@
-app_name: "Test Development"
+app_name: "Daddy Dev"
 host_port: 0.0.0.0:8080
 web_ui: true
 
 # debug, error, warn, info
-log_level: "info"
+log_level: debug
 
 # enable or disable http compression (uses gzip)
 http_compress: true
@@ -15,7 +15,7 @@ http_compress: true
 production: false
 
 # Throw a 401 on auth failure for queries that need auth
-auth_fail_block: false
+auth_fail_block: true
 
 # Latency tracing for database queries and remote joins
 # the resulting latency information is returned with the
@@ -65,18 +65,16 @@ cors_debug: false
 auth:
   # Can be 'rails', 'jwt' or 'header'
   type: jwt
-  cookie: _supergraph_session
+  #cookie: _supergraph_session
 
   # Comment this out if you want to disable setting
   # the user_id via a header for testing. 
   # Disable in production
-  creds_in_header: true
+  #creds_in_header: false
 
-  # jwt:
+  jwt:
-  #   provider: auth0
+    provider: hydra
-  #   secret: abc335bfcfdb04e50db5bb0a4d67ab9
+    jwks_url: http://hydra:4444/.well-known/jwks.json
-  #   public_key_file: /secrets/public_key.pem
-  #   public_key_type: ecdsa #rsa
 
   # header:
   #   name: dnt
@@ -87,16 +85,16 @@ auth:
 # In this example actions using this auth can only be
 # called from the Google Appengine Cron service that
 # sets a special header to all it's requests
-auths:
+# auths:
-  - name: from_taskqueue
+  # - name: from_taskqueue
-    type: header
+  #   type: header
-    header:
+  #   header:
-      name: X-Appengine-Cron
+  #     name: X-Appengine-Cron
-      exists: true
+  #     exists: true
 
 database:
   type: postgres
-  host: db
+  host: localhost
   port: 5432
   dbname: daddy
   user: daddy
@@ -105,19 +103,19 @@ database:
   #schema: "public"
   #pool_size: 10
   #max_retries: 0
-  #log_level: "debug"
+  log_level: "debug"
 
   # Set session variable "user.id" to the user id
   # Enable this if you need the user id in triggers, etc
-  set_user_id: false
+  set_user_id: true
 
   # database ping timeout is used for db health checking
   ping_timeout: 1m
 
   # Define additional variables here to be used with filters
   variables:
-    #admin_account_id: "5"
+    # admin_account_id: "5"
-    admin_account_id: "sql:select id from users where admin = true limit 1"
+    # admin_account_id: "sql:select id from users where admin = true limit 1"
 
 
   # Field and table names that you wish to block
@@ -135,67 +133,91 @@ database:
 # which in this case refreshes a materialized view in the database.
 # The auth_name is from one of the configured auths
 actions:
-  - name: refresh_leaderboard_users
+  # - name: refresh_leaderboard_users
-    sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
+  #   sql: REFRESH MATERIALIZED VIEW CONCURRENTLY "leaderboard_users"
-    auth_name: from_taskqueue
+  #   auth_name: from_taskqueue
 
 tables:
-  - name: customers
+  # - name: customers
-    remotes:
+  #   remotes:
-      - name: payments
+  #     - name: payments
-        id: stripe_id
+  #       id: stripe_id
-        url: http://rails_app:3000/stripe/$id
+  #       url: http://rails_app:3000/stripe/$id
-        path: data
+  #       path: data
-        # debug: true
+  #       # debug: true
-        pass_headers: 
+  #       pass_headers: 
-          - cookie
+  #         - cookie
-        set_headers:
+  #       set_headers:
-          - name: Host
+  #         - name: Host
-            value: 0.0.0.0
+  #           value: 0.0.0.0
           # - name: Authorization
           #   value: Bearer <stripe_api_key>
 
-  - # You can create new fields that have a
+  # - # You can create new fields that have a
-    # real db table backing them
+  #   # real db table backing them
-    name: me
+  #   name: me
-    table: users
+  #   table: users
 
 
-#roles_query: "SELECT * FROM users WHERE id = $user_id"
+roles_query: "select * from users where users.email = $user_id"
 
 roles:
+  # Rôle par défaut si l'utilisateur n'existe pas dans la table `users`
   - name: anon
     tables:
-      - name: users
+      # - name: users
-        query:
+      #   insert:
-          limit: 10
+      #     block: true
+      #   query:
+      #     block: true
+      #   update:
+      #     block: true
+      #   delete:
+      #     block: true
 
+  # Rôle par défaut si l'utilisateur existe dans la table `users`
+  # mais que la valeur de la colonne `role` n'est pas définie
   - name: user
     tables:
       - name: users
-        query:
-          filters: ["{ id: { _eq: $user_id } }"]
-
-      - name: products
-        query:
-          limit: 50
-          filters: ["{ user_id: { eq: $user_id } }"]
-          disable_functions: false
-
         insert:
-          filters: ["{ user_id: { eq: $user_id } }"]
+          block: true
-          presets:
+        query:
-            - user_id: "$user_id"
+          filters: ["{ email: { _eq: $user_id } }"]
-            - created_at: "now"
-            
         update:
-          filters: ["{ user_id: { eq: $user_id } }"]
+          columns:
-          presets:
+            - full_name
-            - updated_at: "now"
+          filters: ["{ email: { _eq: $user_id } }"]
-
         delete:
           block: true
 
+  - name: admin
+    match: role = 'admin'
+    tables:
+      - name: users
+        query:
+          filters: []
+
+      # - name: products
+      #   query:
+      #     limit: 50
+      #     filters: ["{ user_id: { eq: $user_id } }"]
+      #     disable_functions: false
+
+      #   insert:
+      #     filters: ["{ user_id: { eq: $user_id } }"]
+      #     presets:
+      #       - user_id: "$user_id"
+      #       - created_at: "now"
+            
+      #   update:
+      #     filters: ["{ user_id: { eq: $user_id } }"]
+      #     presets:
+      #       - updated_at: "now"
+
+        # delete:
+        #   block: true
+
   # - name: admin
   #   match: id = 1000
   #   tables: