Firstly, this is the only solution that seems reasonable to me for setting permissions on a GraphQL based system. Anything else in terms of permissions/ a11n touching GraphQL is just bloat on the schema and a no-go, because schema really shouldn't be touched for business logic changes, which permissions most certainly are a part of. Changing or reading fields is also a business decision too, but that is unavoidable. Permissions are avoidable in the schema. Thanks for putting this package together. 👍
From the example code in the README, I couldn't come to the conclusion of how my use cases could work, so I figured I'd ask some questions.
Here goes.
I understand setting permissions for reading data is possible, but what about an example for writing data? How would I block mutation resolvers from doing harm, when needed? And, also at field level? I'm envisioning a matrix of read and write booleans on field definitions within objects. They in turn get injected into the permission models (or built into them?). At any rate, I want to set or compare read and writing permissions at field level and per user profile, which are injected into graphql-rule. Is that possible? My concern is more about writing permissions though.
I'd also like to have group-based and role-based access systems. For group-based access, I'd pre-calculate permissions on functions/features based on participation in one or more groups. I'd like graphql-rule to block or allow that function/feature (i.e. when a GraphQL resolver calls on backend business logic and not necessarily some data source). So, we aren't talking fields, but rather functionality. This goes along the lines of flagging features and other functional permissions.
And role based access. This deals with a role hierarchy and/ or a role data sharing system. I'd pre-calculate object access according to position in a role hierarchy or according to data sharing rules. I'd like graphql-rule to block or allow reading at object (model?) level with this data. Would that also be possible perhaps?
I hope the questions are understandable, and I'm looking forward to your response or return questions. Thanks in advance!
Scott
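A minimal sketch of the field-level read/write matrix described in the post above, enforced in a mutation resolver. This is an added example, not part of the original issue and not graphql-rule's API; `MATRIX`, `can`, `guardWrite`, `filterRead`, the `updateUser` resolver and the `ctx` shape are all hypothetical.

```javascript
// Constructed permission matrix: profile -> type -> field -> { read, write }.
// All names and values here are hypothetical sample data.
const MATRIX = {
  admin: { User: {
    email: { read: true, write: true },
    role: { read: true, write: true },
    passwordHash: { read: false, write: false },
  } },
  member: { User: {
    email: { read: true, write: true },
    role: { read: true, write: false },
    passwordHash: { read: false, write: false },
  } },
};

// Default deny: unknown profiles, types, fields or actions are refused.
// Object.hasOwn keeps inherited keys such as "__proto__" from matching.
function can(profile, type, field, action) {
  const types = Object.hasOwn(MATRIX, profile) ? MATRIX[profile] : {};
  const fields = Object.hasOwn(types, type) ? types[type] : {};
  return Object.hasOwn(fields, field) && fields[field][action] === true;
}

// Reject the whole mutation input if any supplied field is not writable,
// so a partially authorized write never reaches the data layer.
function guardWrite(profile, type, input) {
  const denied = Object.keys(input).filter((f) => !can(profile, type, f, 'write'));
  if (denied.length > 0) {
    throw new Error(`write denied on ${type}: ${denied.join(', ')}`);
  }
  return input;
}

// Return only the fields the profile may read.
function filterRead(profile, type, obj) {
  return Object.fromEntries(
    Object.entries(obj).filter(([f]) => can(profile, type, f, 'read')));
}

// Hypothetical resolver map; the profile comes from the server-side context,
// never from client-supplied arguments.
const resolvers = {
  Mutation: {
    updateUser(_parent, { id, input }, ctx) {
      const patch = guardWrite(ctx.user.profile, 'User', input);
      Object.assign(ctx.db.users[id], patch);
      return filterRead(ctx.user.profile, 'User', ctx.db.users[id]);
    },
  },
};
```
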