Get RBAC working for queries and mutations

config/dev.yml

@@ -22,7 +22,7 @@ enable_tracing: true
 
 # Watch the config folder and reload Super Graph
 # with the new configs when a change is detected
-reload_on_config_change: false
+reload_on_config_change: true
 
 # File that points to the database seeding script
 # seed_file: seed.js
@@ -53,7 +53,7 @@ auth:
 
   # Comment this out if you want to disable setting
   # the user_id via a header. Good for testing
-  header: X-User-ID
+  creds_in_header: true
 
   rails:
     # Rails version this is used for reading the
@@ -143,6 +143,8 @@ tables:
     name: me
     table: users
 
+roles_query: "SELECT * FROM users as usr WHERE id = $user_id"
+
 roles:
   - name: anon
     tables:
@@ -164,6 +166,10 @@ roles:
 
   - name: user
     tables:
+      - name: users
+        query:
+          filter: ["{ id: { _eq: $user_id } }"]
+
       - name: products
 
         query:
@@ -189,9 +195,10 @@ roles:
         delete:
           deny: true
 
-  - name: manager
+  - name: admin
+    match: id = 1
     tables:
       - name: users
         
-        select:
-          filter: ["{ account_id: { _eq: $account_id } }"]
+        # select:
+        #   filter: ["{ account_id: { _eq: $account_id } }"]

config/prod.yml

@@ -47,10 +47,6 @@ auth:
   type: rails
   cookie: _app_session
 
-  # Comment this out if you want to disable setting
-  # the user_id via a header. Good for testing
-  header: X-User-ID
-
   rails:
     # Rails version this is used for reading the
     # various cookies formats.