I'm trying to enhance my existing GRANDstack application by implicitly filtering some types. You may also think of this as access-control.
I have a type called HousingUnit. Previously, the Query for HousingUnit was automatically created through schema augmentation. Now I want to limit the returned HousingUnits via a pattern. The request to /graphql will carry a JWT which has some information that will be made available as cypherParams (e.g. userEmail) to identify the current user. For HousingUnit (and other types) I only want to return the types that are CREATED_BY the Organization the user is a part of. A solution for the HousingUnit query looks like this.
HousingUnit: async (parent, info, context, resolveInfo) => {
const session = context.driver.session()
const cypher = `MATCH (u:UserAccount) WHERE u.email = $cypherParams.userEmail MATCH (u)-[:WORKS_FOR]->(o:Organization)
WITH o
MATCH (o)<-[:WORKS_FOR]-(:UserAccount)<-[:CREATED_BY]-(housingUnit:HousingUnit) RETURN housingUnit`
const results = await session
.run(cypher, {
cypherParams: context.cypherParams,
})
.then((result) => {
return result.records.map((record) => {
const obj = record.toObject()
console.log(obj)
return obj.housingUnit.properties
})
})
.catch(console.log)
.then((results) => {
session.close()
return results
})
return results
},
My problem is that due to my explicit cypher query and return of results, I can not due any other filtering or sorting.
The requests
query {
HousingUnit(orderBy:name_asc) {
name
}
}
and
query {
HousingUnit(orderBy:name_desc) {
name
}
}
will yield the same order of results.
Furthermore, we have a lot of different types and I hope there's a simpler way of doing this (maybe middleware or decorators, reusing augmented queries).