Does anybody know something like Directus (building REST APIs on top of Postgres) with the ability to hook in custom authorization logic? (E.g. to do FGA checks before returning data)
I wrote my own extension in version 9 some time ago where I used hooks to track changes and sync our Full-Text Search engine (Meilisearch). I just remembered some of the difficulties dealing with hooks, because their payload differed in structure depending on how data entries were mutated (update via Web-UI VS creation via API VS import via API /utils/import). Has that improved?
Here's the docs for custom hooks. https://directus.io/docs/guides/extensions/api-extensions/ho...
But honestly, depending on the complexity of your logic you may not even need custom hooks. You can get really granular with the built-in access policies and permissions.
As long as you have relationships configured with the user collection you can reference those in your permissions.
Here's an example rule for accessing items within a `projects` table that hides any projects that don't belong to the current agency partner.
{"_and":[{"partner":{"id":{"_eq":"$CURRENT_USER.agency_partner_id.id"}}}]}
Each project has a many to one relationship to agency_partners. Each user has a many to one relationship to agency_partners.
You can even scope this down to allow / hide specific fields if you want.
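The rule quoted in the comment above, run against sample data. This is an added example, not part of the thread and not Directus' own evaluator: it is a toy model covering only `_and`, `_or`, `_eq` and nested field paths, and the function names, projects and users are constructed for illustration. It assumes the filter should fail closed when the user has no agency partner, so that an empty user value never matches a project with an empty `partner`.

```javascript
// Toy model of a Directus-style item filter; NOT Directus' own evaluator.
// Supports only _and, _or, _eq and nested relational field paths.

// Resolve "$CURRENT_USER.a.b" against the user object; anything else is a literal.
function resolveValue(value, user) {
  if (typeof value !== "string" || !value.startsWith("$CURRENT_USER.")) return value;
  return value
    .slice("$CURRENT_USER.".length)
    .split(".")
    .reduce((obj, key) => (obj == null ? undefined : obj[key]), user);
}

// Does `item` satisfy `rule`? Fails closed when either side of _eq is missing.
function matches(rule, item, user) {
  return Object.entries(rule).every(([key, cond]) => {
    if (key === "_and") return cond.every((r) => matches(r, item, user));
    if (key === "_or") return cond.some((r) => matches(r, item, user));
    if (key === "_eq") {
      const expected = resolveValue(cond, user);
      // An unassigned user must not match projects with an empty partner.
      if (expected == null || item == null) return false;
      return item === expected;
    }
    // Otherwise `key` is a field name: descend into that field of the item.
    return matches(cond, item == null ? undefined : item[key], user);
  });
}

function visibleItems(rule, items, user) {
  return items.filter((item) => matches(rule, item, user));
}

// The rule from the comment above, verbatim.
const rule = {"_and":[{"partner":{"id":{"_eq":"$CURRENT_USER.agency_partner_id.id"}}}]};

// Constructed sample data (hypothetical projects and users).
const projects = [
  { id: 1, name: "Alpha", partner: { id: "p-1" } },
  { id: 2, name: "Beta", partner: { id: "p-2" } },
  { id: 3, name: "Orphan", partner: null },
];
const alice = { id: "u-1", agency_partner_id: { id: "p-1" } };
const unassigned = { id: "u-2", agency_partner_id: null };

console.log(visibleItems(rule, projects, alice).map((p) => p.name));      // [ 'Alpha' ]
console.log(visibleItems(rule, projects, unassigned).map((p) => p.name)); // []
```

When testing a real policy, the same two cases are worth checking through the API: a user in one agency partner, and a user with no agency partner at all.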