Using the following schema:
type Profile {
id: ID! @id
username: String! @unique(constraintName: "unique_email")
follows: [Profile!]!
@relationship(
type: "FOLLOWS"
properties: "BaseRelationship"
direction: OUT
)
followers: [Profile!]!
@relationship(
type: "FOLLOWS"
properties: "BaseRelationship"
direction: IN
)
}
And extending it to use the @auth directive:
extend type Profile
@auth(
rules: [
{ operations: [CREATE, UPDATE, DELETE, UPDATE, CONNECT, DISCONNECT], allow: { username: "$jwt.name" } }
{ operations: [READ], isAuthenticated: true }
]
)
I am only getting forbidden when I try the following mutation (jwt.name is user1):
mutation UpdateProfiles {
updateProfiles(
where: { username: "user1" }
update: {
follows: [{ connect: [{ where: { node: { username: "user2" } } }] }]
}
) {
info {
relationshipsCreated
}
}
}
Just want to make user1 follow user2 and vice versa. Tried changing allow to bind and to where and variations of the mutation but I can't get it to work.
If I use the same mutation but make both arguments user1, then user1 is able to follow himself, so I assume there is something wrong with not being able to allow the incoming connection to user2.
But how can I allow that the authorized user can follow someone else?