Licensed to be used in conjunction with basebox, only.
@bb_roles
Syntax
@bb_roles(_roles: ["TypeWithBbUser"])
Notes
@bb_roles is used to explicitly allow users access to data records they would otherwise not have access to. We define roles within our schema with @bb_user on a GraphQL type.
Note
Use only GraphQL types annotated with @bb_user in @bb_roles. If a type does not have this annotation, there will be an error during schema compilation (bbc).
@bb_roles can be used together with @bb_restrict_fields when specific fields should be hidden from a specific role or protected against changes by it.
@bb_roles is only supported on operations with @bb_resolver of _type SELECT, INSERT, INSERT_NESTED, UPDATE and UPDATE_NESTED.
Within the @bb_resolver of an operation, the _object attribute must contain a type which is somehow owned; if the operation does not have the _object attribute, the returned type must be owned.
Operations with the @bb_roles annotation can be called within an ORCHESTRATOR in _steps.
Examples
The schema below defines 2 roles, according to the @bb_user annotations used. The type Game has to be accessed by both roles.
Game is owned by the Player role; users with this role can insert such a record with the insertGame mutation. A Player can have multiple games.
However, in our sample an Agent is able to load all games of all players with agentGetGames, even though the agent does not own the records.
An Agent is also able to update Game.credits with updateCredits.
Note
Within updateCredits we demonstrate how @bb_restrict_fields can be used together with @bb_roles to restrict read and write on Game.points and Game.level within a specific operation.
type Player @bb_user {
  id: ID!
  name: String
  age: Int
}

type Game @bb_owned {
  id: ID!
  points: Int
  level: String
  credits: String
}

input InsertGame {
  points: String
  level: String
}

type Agent @bb_user {
  id: ID!
  name: String!
  email: String
}

type Query {
  playerGetGame(id: ID!): Game
    @bb_resolver(
      _type: SELECT
      _filter: { id: { _eq: "$id" } }
      _object: Game
    )

  agentGetGames: [Game!]
    @bb_roles(_roles: ["Agent"])
    @bb_resolver(
      _type: SELECT
      _object: Game
    )
}

type Mutation {
  insertGame(game: InsertGame!): Game
    @bb_resolver(
      _type: INSERT
      _object: Game
      _fields: {
        points: "$game.$points"
        level: "$game.$level"
      }
    )

  updateCredits(newCredits: String!): Game
    @bb_roles(_roles: ["Agent"])
    @bb_restrict_fields(_fields: ["points", "level"])
    @bb_resolver(
      _type: UPDATE
      _object: Game
      _fields: {
        credits: "$newCredits"
      }
    )
}
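An added example, not part of basebox or its compiler (bbc): a Python check for schema reviews that lists every operation granting access beyond ownership through @bb_roles and flags the two rule violations described in the Notes. The regex-based parsing, the function names and the badOp operation are assumptions made for this illustration, and it only handles directives without nested parentheses.

```python
import re

SUPPORTED = {"SELECT", "INSERT", "INSERT_NESTED", "UPDATE", "UPDATE_NESTED"}  # per the page

# Condensed from the page's example; badOp is a constructed invalid operation.
SCHEMA = '''
type Player @bb_user { id: ID! name: String }
type Agent @bb_user { id: ID! name: String! }
type Game @bb_owned { id: ID! points: Int level: String credits: String }
type Query {
  playerGetGame(id: ID!): Game
    @bb_resolver(_type: SELECT _filter: { id: { _eq: "$id" } } _object: Game)
  agentGetGames: [Game!] @bb_roles(_roles: ["Agent"]) @bb_resolver(_type: SELECT _object: Game)
  badOp: [Game!] @bb_roles(_roles: ["Game"])
}
type Mutation {
  updateCredits(newCredits: String!): Game
    @bb_roles(_roles: ["Agent"]) @bb_restrict_fields(_fields: ["points", "level"])
    @bb_resolver(_type: UPDATE _object: Game _fields: { credits: "$newCredits" })
}
'''

# An operation: name, optional arguments, return type, then one or more directives.
OP = re.compile(r'(\w+)(?:\([^)]*\))?\s*:\s*[\[\]\w!]+\s*((?:@\w+\([^()]*\)\s*)+)')

def quoted_list(directive, arg, text):
    """Return the quoted strings in @directive(arg: [...]), or [] if absent."""
    m = re.search(r'@%s\(\s*%s:\s*\[([^\]]*)\]' % (directive, arg), text)
    return re.findall(r'"(\w+)"', m.group(1)) if m else []

def audit_roles(sdl):
    """Return (grants, errors) for every operation carrying @bb_roles."""
    users = set(re.findall(r'type\s+(\w+)\s+@bb_user\b', sdl))
    grants, errors = [], []
    for name, directives in OP.findall(sdl):
        roles = quoted_list("bb_roles", "_roles", directives)
        if not roles:
            continue  # no explicit grant: only the ownership rules apply
        m = re.search(r'@bb_resolver\([^()]*?_type:\s*(\w+)', directives)
        rtype = m.group(1) if m else None
        problems = [f"{name}: role {r} is not a @bb_user type" for r in roles if r not in users]
        if rtype not in SUPPORTED:
            problems.append(f"{name}: missing or unsupported @bb_resolver _type ({rtype})")
        errors += problems
        if not problems:
            restricted = quoted_list("bb_restrict_fields", "_fields", directives)
            grants.append((name, roles, rtype, restricted))
    return grants, errors
```

Calling audit_roles(SCHEMA) returns the grants as (operation, roles, resolver type, restricted fields) tuples, which gives a reviewer one list of every place where a role can reach records it does not own.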