#Permission on Create - nested relation check

1 messages · Page 1 of 1 (latest)

oblique dew
#

Hi all,

I have a collection Post, Company and Employee.

  • Post hasOne Company.
  • Company hasMany Employees.
  • Employee hasOne User (directus_user).

I try to set a permission so that users can only create a Post linked to a Company they belongs to
Basically: post.company.employees[x].user === $CURRENT_USER

I tried something like this for Post permissions:

{
  "_and": [
    {
      "company": {
        "employees": {
          "user": {
            "_in": [
              "$CURRENT_USER"
            ]
          }
        }
      }
    }
  ]
}

It works for Read permission, but not for Create permission.

Any idea why ?
If there's a limitation, what would be the best workaround to add this permission on create ?

Thank you for your help !

charred pebble
#

Hi, in the create permission, you don't have access to the Post relations because it doesn't exist on the DB at this time, you can only access to payload data.
In order to limit creation you can try something like:

{
  "_and": [
    {
      "company": {
        "_eq": "$CURRENT_USER.company.id"
      }
    }
  ]
}