by bionhoward
2012 days ago
The #1 missing piece for graphql to be clearly way better than alternatives (IMHO), is a functional authorization rule engine. Basically, we need a way to easily write fine-grained attribute-based access control functions like “allow authors to edit and delete the content field of their posts” or “only allow doctors to see records for their patients” — inspired by Nader Dabit’s (et al) interesting work on AWS amplify auth directive here: [packages/graphql-auth-transformer/src/ModelAuthTransformer.ts](https://github.com/aws-amplify/amplify-cli/blob/master/packa...) I carped on the Apollo folks about this and provided a [hackish Ramda solution](https://github.com/ardatan/graphql-tools/issues/1234#issueco...) which seems to have helped lead to [functional directives in graphql-tools](https://www.graphql-tools.com/docs/schema-directives#at-leas...) but still there’s no fine grained ABAC lib I truly love for simplicity. How can Nexus / Prisma be used to implement custom functional [auth] directives? SQL is nice for this, and I eventually switched to that, but the column and row level security work independently and are pretty verbose. It would be amazing if sql row/column security were more tightly integrated...
I'm a small contributor to a nice and modular Accounts/User library built in TypeScript. It's compatible with several databases, and can be used both with REST and GraphQL transports.
It does indeed have an @auth directive you can use; you can also add new directives which, for example, are related to a custom ROLE === ADMIN check, etc., but you need to build this yourself.
If you're interested: https://www.accountsjs.com/