Imagine some middleware like this:
let block_viewer_mutations = |mw: MiddlewareBuilder<AuthenticatedRspcContext>| {
mw.middleware(
|mw: MiddlewareContext<AuthenticatedRspcContext>| async move {
if let Some(org_ctx) = &mw.ctx.organization_context {
if org_ctx.organization_role == OrganizationRole::Viewer
&& matches!(mw.req.kind, rspc::internal::ProcedureKind::Mutation)
{
return Err(Into::into(ApiGatewayError::Unauthorized(
"Viewers are not allowed to perform mutations".into(),
)));
}
}
Ok(mw)
},
)
};
This doesn't actually work because even on mutations, mw.req.kind is Query. This error is present at least as of commit fe991f0, though I can't see any issues or PRs that mention kind since then.
Imagine some middleware like this:
This doesn't actually work because even on mutations,
mw.req.kindisQuery. This error is present at least as of commit fe991f0, though I can't see any issues or PRs that mention kind since then.