by slaymaker1907 3259 days ago
The problem with using a relational database with GraphQL seems to be that you need to solve the object-relational mismatch. I think in that case you'd be better off writing a library for parsing SQL, then putting a secure layer over it that limits what SQL is allowed.

Ideally, you'd be able to just handle these security issues with the database directly through views and permissions, but as far as I know there is no database with enough permissions controls for this.

2 comments

What about using GraphQL implies that you're trying to map objects from the database? As far as I know you can just query for the fields you want (with whatever joins you might need, or subqueries, or calls out to some other system) and return them to the client.

It's doing object mapping because it is coercing everything into JSON. Looking at the language, you see the usual suspects of strange cyclic objects for representing relations typical of ORMs. These systems tend to struggle when dealing with things like many-to-many relationships, non-total relations, etc. To give it credit though, I do like that GraphQL forces a firm separation between remote and local data, though I'm sure there are already libraries for GraphQL trampling over that separation.

There is: PostgreSQL https://blog.2ndquadrant.com/application-users-vs-row-level-...

(And saying GraphQL can't work with databases is, I think, wrong; it's the same as saying OO languages are not a good fit for relational databases.)

Thanks for the info!
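
An added illustration of the PostgreSQL row-level security mentioned in the thread (not code from any commenter or from the linked post): one policy that limits each application user to their own rows, enforced by the database rather than by a SQL-filtering layer. The table `notes`, the role `api_backend` and the setting `app.user_id` are hypothetical names; it assumes PostgreSQL 9.6 or later.

```sql
-- Constructed schema; every name here is hypothetical.
CREATE TABLE notes (
    id    serial PRIMARY KEY,
    owner text NOT NULL CHECK (owner <> ''),  -- '' must never match an unset user
    body  text NOT NULL
);

-- The single database role the API server connects as. It does not own the
-- table and has no BYPASSRLS, so the policy below always applies to it.
CREATE ROLE api_backend LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON notes TO api_backend;
GRANT USAGE ON SEQUENCE notes_id_seq TO api_backend;

ALTER TABLE notes ENABLE ROW LEVEL SECURITY;

-- USING filters the rows that can be read, updated or deleted;
-- WITH CHECK rejects inserted or updated rows owned by someone else.
-- current_setting(..., true) yields NULL (or '') when the setting is unset,
-- so a request that never identified its user matches no rows at all.
CREATE POLICY notes_per_app_user ON notes
    FOR ALL TO api_backend
    USING      (owner = current_setting('app.user_id', true))
    WITH CHECK (owner = current_setting('app.user_id', true));

-- Run as api_backend. Per request, the server sets the authenticated user
-- for the duration of one transaction, then runs the resolver's queries.
BEGIN;
SET LOCAL app.user_id = 'alice';
INSERT INTO notes (owner, body) VALUES ('alice', 'only alice sees this');
SELECT id, owner, body FROM notes;   -- alice's rows only
COMMIT;

BEGIN;
SET LOCAL app.user_id = 'bob';
SELECT count(*) FROM notes;          -- 0: alice's row is filtered out
-- An INSERT with owner = 'alice' here would fail the WITH CHECK clause.
COMMIT;

-- Caveat: app.user_id is only as trustworthy as the code that sets it.
-- Anything able to send arbitrary SQL on this connection can SET it too,
-- so the server must build the statements itself and set the value from
-- its own authentication result, never from client-supplied SQL.
```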