Suppose, we have an inherited role, inherited_role which inherits from two roles role1 and role2 which are defined as the following manner:
{
"select_permissions": [
{
"role": "role1",
"permission": {
"columns": [
"name"
],
"filter": {
"id": {
"_eq": "X-Hasura-User-Id"
}
}
}
},
{
"role": "role2",
"permission": {
"columns": [
"name"
],
"filter": {}
}
}
]
}Now, as role1 and role2 do not define a limit, the inherited select permission will also not have a limit.
Suppose, we'd like a limit set for the inherited select permission and do it without modifying the limit of the parent roles, we can do it by creating a new role which we can call as a base inherited role whose only purpose is to set a limit.
We can define the base role's permission in the following manner:
{
"role": "base_role",
"permission": {
"columns": [],
"filter": {
"id": {
"_is_null": true
}
},
"limit": 100
}
}The key part of a base role to work well is to set the filter of the select permission to always evaluate to false, one idea
is to check the primary key of the table to be equal to null.
Also, since the base role is intended to be used only with inherited roles we can set the columns field to be [].
Now, if we update our inherited_role to inherit from the base_role as well, then the limit of the inherited select permission will
be the limit set in the base role, if none of the parent roles have limit set, otherwise, it will be the max of the limits of the parent roles
including the base role's limit.