Permission error NoMatchingRuleFound

I’m using MongoDB Atlas with the MongoDB Realm GraphQL API. I’m just using the Realm UI and Postman.

1 - I made a simple collection called patient on Atlas.
2 - I made a simple realm app.
3 - I made a rule with “Users can only read and write their own data” template.
4 - I put {"user.id": "%%user.id"} on Apply When field.
5 - I made a schema like that:

{
  "title": "patient",
  "properties": {
      "_id": {
          "bsonType": "objectId"
      },
      "name": {
          "bsonType": "string"
      },
      "user": {
          "bsonType": "objectId"
      }
  }
}

6 - I’m not using sync.
7 - I turned on email/password auth.
8 - I created an email/password on the Realm UI.
9 - I review and deploy.

When I try to insert a patient using Postman, the API returns:

reason="no matching role found for document with _id: ObjectID(\"606dfbeef6c4be4cb6d91831\")"; code="NoMatchingRuleFound"; untrusted="insert not permitted"; details=map[]

This is my request on curl:

curl --location --request POST 'https://realm.mongodb.com/api/client/v2.0/app/aaaa/graphql' \
--header 'email: aaaa@aaaa.com' \
--header 'password: aaaa' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"mutation {\r\n    insertOnePatient(data:{\r\n        name: \"heeeeee\"\r\n    }) {\r\n        _id\r\n        name\r\n    }\r\n}","variables":{}}'

It works when I try to insert using the GraphQL Realm UI. :(

Any ideas?


This is my app URL: https://realm.mongodb.com/api/client/v2.0/app/nicetry-mdjhm/graphql

Hi @Bob_Dylan, welcome to the community.

Could you please share the full rule definition for this collection (e.g., click on the “ADVANCED MODE” button and copy the JSON)?

Also, is there an error shown in the Realm logs?

Hi Andrew,

{
  "roles": [
    {
      "name": "owner",
      "apply_when": {
        "user": "%%user.id"
      },
      "insert": true,
      "delete": true,
      "search": true,
      "write": true,
      "fields": {},
      "additional_fields": {}
    }
  ],
  "filters": [],
  "schema": {
    "title": "patient",
    "properties": {
      "_id": {
        "bsonType": "objectId"
      },
      "name": {
        "bsonType": "string"
      },
      "user": {
        "bsonType": "string"
      }
    }
  }
}

I made a request today and I didn’t see any error, but I saw an error two days ago with this message: “no authentication methods were specified”.

I am also getting the same issue, any solution to this?


Hello, did you ever find the solution? I’m trying to implement quite the same role.

Just in case anyone stops here: I’ve found the solution. The problem was that I was creating a rule where the user, in order to access his own data, would need his own _id, but I wasn’t matching this _id quite correctly, because I was matching a string with an object and it should’ve been a match between an object and an object. So, the rule I created was this:

{
  "_id": {
    "%stringToOid": "%%user.id"
  }
}

Regards.
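
The type mismatch described in the last reply, as an added example that is not part of the original thread and not Realm's own code: a simplified model of how an Apply When expression is compared against a document. The `ObjectId` stand-in, the `roleApplies` helper and the sample id are assumptions made for illustration.

```javascript
// Simplified model of an "Apply When" check; NOT Realm's implementation.
// ObjectId here is a minimal stand-in for the BSON type (no driver needed).
class ObjectId {
  constructor(hex) {
    if (!/^[0-9a-f]{24}$/i.test(hex)) throw new TypeError("invalid ObjectId hex");
    this.hex = hex.toLowerCase();
  }
}

// Type-strict equality, as in MongoDB matching: a string never equals an ObjectId.
function bsonEquals(a, b) {
  if (a instanceof ObjectId || b instanceof ObjectId) {
    return a instanceof ObjectId && b instanceof ObjectId && a.hex === b.hex;
  }
  return a === b;
}

// Expand "%%user.id" (a string) and the %stringToOid operator.
function expand(value, user) {
  if (value === "%%user.id") return user.id;
  if (value !== null && typeof value === "object" && "%stringToOid" in value) {
    return new ObjectId(expand(value["%stringToOid"], user));
  }
  return value;
}

// A role applies only if every field in apply_when equals the document's value.
function roleApplies(applyWhen, doc, user) {
  return Object.entries(applyWhen).every(([field, expected]) =>
    bsonEquals(doc[field], expand(expected, user)));
}

// Constructed sample data: the id is a made-up value.
const user = { id: "5f0000000000000000000001" };
const doc = { _id: new ObjectId("5f0000000000000000000001"), name: "sample" };

const stringRule = { _id: "%%user.id" };                  // string vs ObjectId
const oidRule = { _id: { "%stringToOid": "%%user.id" } }; // ObjectId vs ObjectId

console.log("string rule applies:", roleApplies(stringRule, doc, user)); // false
console.log("oid rule applies:", roleApplies(oidRule, doc, user));       // true
```

When no role's Apply When matches, the write is rejected, which is the `NoMatchingRuleFound` error quoted at the top of the thread.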