Field Level Filtering

[andrewalex]

Currently when I need to hide certain fields in a table I use a view. (Ex. table persons view persons_notaxid). This is workable, but a little hairy (such as the person needs to query a different table when they need a ssn, implications of caching issues etc).

However. This can get quickly out of hand when there are multiple fields that need to be filtered in different situations and changes per record (taxid, home address, phone number, last name)

I tried using functions for this, however its also very clunky because they dont exist within hasura relationships, so they work ok for the top node (get_persons()->notes) but not as a sublevel (notes->get_persons())

Ideally this seems easiest to handle with some postprocessing of the data. Right now the only solution I see is pivoting the table in the view so its in the format (id, fieldname, fieldvalue) and I can run permissions on WHERE fieldname = 'taxid'.. this seems extremely messy.

Is there a better way to do this?

[praveenweb]

@andrewalex - Since you would like to hide certain fields based on different situations, you should ideally be using the role-based permission system to handle this. Have you considered restrictions based on roles?

[andrewalex]

I don't see a way that roles can be used. As I mentioned, a users access to the field can change per record, since the decision to show or hide data is based on the data itself. To be honest I've found limited practical application for roles except in the simplest of applications. This is partially due to a users 'role' changing based on the data. (ex. I'm the owner of group x, but regular user of group y)

Simple Examples:

• I can see my own person record.
• I can see my friends phone number field.
• i can see anyone's address fields if is_address_public is marked it as public or they are a friend
• I can only see tax information for people I am managing.

Right now I am creating a view for each of these business decisions, so I can craft permissions at a 'row level'. It creates a major mess as I'm now lookig at over 100 of these across various tables. Management of this design is even worse because Hasura does not simplify 1:1 relationships so each piece of data has to be treated as an array that may or may not exist

Example querying (names modified for clarity)
person {
personid
view_person_taxid {
personid // need to resend this for caching purposes.
taxid
}
}

So any alternatives are appreciated :)