by aturek 3566 days ago
I'd love to hear how GitHub is doing ACL here. We came up with a pretty neat solution on my team, which we have not yet open-sourced, for JS. But it was a lot of first-principles design work; there don't seem to be any good examples.

This was pretty much all the documentation we had, and it's more a design analysis of edge-vs-node authorization: https://medium.com/apollo-stack/auth-in-graphql-part-2-c6441...

Edit: Our eventual solution looked a lot like

    class SomeTypeOfResolver {
      @allowIfAny(rule1, rule2, rule3)
      someProperty;

      @allowIfAll(rule4, rule5)
      otherProperty = defineRetrieverFunction();
    }
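
As an added example (not part of the original comment, and not the commenter's unreleased code), here is one way per-field `allowIfAny` / `allowIfAll` rules could work, written as plain higher-order functions instead of decorators. The synchronous rule signature, the fail-closed handling and the sample `Repository` resolvers are assumptions.

```javascript
// Added illustration. allowIfAny/allowIfAll are named after the comment's
// decorators; the bodies, rule signature and sample rules are assumptions.
class ForbiddenError extends Error {}

// A rule is a synchronous predicate (parent, args, context) => boolean.
// Only a literal `true` grants access; a rule that throws counts as a
// denial, so a missing user or a buggy rule fails closed.
function passes(rule, parent, args, context) {
  try {
    return rule(parent, args, context) === true;
  } catch (_err) {
    return false;
  }
}

function guard(combine, rules) {
  if (rules.length === 0) {
    // [].every(...) is true, so an empty allowIfAll would allow everyone.
    throw new TypeError('at least one rule is required');
  }
  return (resolve) => (parent, args, context, info) => {
    const ok = combine(rules, (rule) => passes(rule, parent, args, context));
    if (!ok) throw new ForbiddenError('not authorized');
    return resolve(parent, args, context, info);
  };
}

const allowIfAny = (...rules) => guard((rs, test) => rs.some(test), rules);
const allowIfAll = (...rules) => guard((rs, test) => rs.every(test), rules);

// Constructed sample rules and resolver map (hypothetical names).
const isAdmin = (_parent, _args, ctx) => ctx.user.role === 'admin';
const isOwner = (parent, _args, ctx) => parent.ownerId === ctx.user.id;
const hasMfa = (_parent, _args, ctx) => ctx.user.mfa === true;

const Repository = {
  name: allowIfAny(isAdmin, isOwner)((repo) => repo.name),
  deployKey: allowIfAll(isOwner, hasMfa)((repo) => repo.deployKey),
};

// Helper for trying a field: reports a denial instead of throwing.
function tryResolve(field, parent, context) {
  try {
    return { ok: true, value: Repository[field](parent, {}, context) };
  } catch (err) {
    if (err instanceof ForbiddenError) return { ok: false, value: null };
    throw err;
  }
}
```

The authorization check runs before the wrapped resolver, so a denied field never touches the underlying data source.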