Craft 5 : User restriction not working #165
Description
I have a section type called "licenses" that I attach to users. I wanted to use GraphQL Authentication then to only allow querying for entries that the user is the author of. Unfortunately no matter the settings i have i can query all entries, no matter if they are created by the user (or where the user is the author of).
{
licensesEntries {
__typename
... on license_Entry {
title
}
}
entries {
... on license_Entry {
title
}
}
}returns:
{
"data": {
"licensesEntries": [
{
"__typename": "license_Entry",
"title": "Test License By Customer"
},
{
"__typename": "license_Entry",
"title": "Test License"
}
],
"entries": [
{
"title": "Test License By Customer"
},
{
"title": "Test License"
},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{},
{}
]
}
}As you mentioned in the FYI docs only using the entries query without a section defined defaults to "automatically restricted to the current user's entries/assets". Unfortunately this seems not to work in my setup.
The licenses checkbox is checked in the "Restricted Entry Queries" setting for that user group / with custom graphql schema:
The user group "customer" also has the "View entries" enabled in the Section Config so i can attach a user to a license entry (otherwise i would be able to select a user in the CP for these entries).
Note: I'm only able to test this on my local machine using the login mutation in Insomnia and using the JWT to query for the entries. I tested with all cookies deleted (to make sure there is no "admin" session somehow attached).
Do you see any misconfiguration which might explain why this is not working as intended?