#User permissions on item creation

6 messages · Page 1 of 1 (latest)

rain yarrow
#

I would like to setup a permission that allow users to book sessions for themself.
My database is organised in a way that the technician is related with a user, so I want create this permissions dinamicly meaning that a techcnician can only create a sessions if the technician field corresponds to the $current_user.
"technician.user.id === $CURRENT_USER"

I have done many permissions like this in view and update and works perfectly but in the creation I see only the top level field "technician" bellow is a printscreen:

is it possible to enforce this validation?
thanks

Screenshot_2023-06-22_at_13.15.15.png
summer bridgeBOT
#

Thanks for posting! This is a community powered server, so you may or may not get an answer based on available help and expertise. To increase your chances of somebody being able to help you, please help us help you making sure you:

  • Adding an explanation of exactly what you're trying to achieve.
  • Adding any and all related code or previous attempts.
  • Describing the exact issue or error you are facing.
  • Posting any screenshots if applicable.
  • Reading through https://stackoverflow.com/help/how-to-ask.

When you're done with this thread, please close it. Thanks! ✨

(If you have a support agreement and need help, please contact the core team via email.)

versed nest
#

You might need to add an alias field to technician that refers to the user relation, then those filters will allow you to navigate through the data graph from this side too.

rain yarrow
#

Hi Manuel,
thanks for your answer but things are related already, Im not sure how that would help or I'm not understanding you fully.
Please look the pictures bellow
1 and 2 shows the technician collection and the treatment collection fields
3 shows an example of adjusting this permissions on "update" instead of create and as you can see I have that field there to filter

sessions_collection.png technicians_collection.png example_on_update.png
versed nest
#

You in fact have done everything as I would do. Strange that you cannot access the nested fields of technician. I see that it works for item permissions, but when creating an item, you are actually under field validation where things appear differently. Try to raw edit those rules as json, I think just the ui is buggy but the logic will work.

rain yarrow
#

hi @versed nest thanks for your answer again. That was not the solution but helped me to find the right solution. I will leave it here in case of being useful for you or anyone else:

  • The UI is correct, because we we do a POST to create the item, we will be sending the ID of the technician only, check printscreen one.
  • So we need to do a validation against that ID and not the user_id, so what I ended up doing was to create an alias field (one to many) on the directs_users collection related to the technician.
  • And now I can validate against that because of the https://docs.directus.io/reference/filter-rules.html#dynamic-variables , check printscreen two and three.

Thanks again for the help!

api_payload.png field_validation.png api_error.png
Filter Rules | Directus Docs

REST and GraphQL API documentation for filter rules in Directus.