Eunovo / superbackend

Create your database and service layer from GraphQL types
MIT License

Authorization #7

Closed Eunovo closed 3 years ago

Eunovo commented 3 years ago

Now that authentication works, I think we can tackle authorization. Here's what I have in mind:

enum Role {
  """
  @create('Store', 'owner')
  allow create store if username of current user is owner

  @set('Store', 'CREATE_PRODUCT', 'owner')
  allow custom permission 'CREATE_PRODUCT'
  if username of current user is owner
  """
  USER
  """
  @create('Store')
  allow create store for any owner
  """
  ADMIN
}

"""@model"""
type User {
  username: String!
  role: Role!
}

"""@model"""
type Store {
  """
  @ManyToOne('User', 'username')
  """
  owner: String!
}

"""
@model
@auth('create', 'CREATE_PRODUCT', 'Store', 'storeId')
authorize create action with 'CREATE_PRODUCT'
permission on Store using product key 'storeId'
"""
type Product {
  """@ManyToOne('Store', '_id')"""
  storeId: ID!
}

Eunovo commented 3 years ago

@mikkybang To add any custom functionality, the user can use the pre middleware on services.

Eunovo commented 3 years ago

I want to use these tags create, update, read, delete and set (for custom permissions) to set permissions on the individual roles while we use @auth to check custom permissions on target models.

I will do some investigation into authorization to see if these tags will cover most use-cases.

@mikkybang WDYT?
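A deny-by-default interpreter for the role annotations and the @auth check proposed in this thread, added here as an illustration and not code from superbackend; the parseRule, isAllowed and canCreateProduct names, the rule table and the sample users and stores are assumptions.

```typescript
type Role = "USER" | "ADMIN";
type User = { username: string; role: Role };
type Store = { _id: string; owner: string };
type Rule = { role: Role; model: string; action: string; ownerField?: string };

// Parse one annotation from a Role value's description, e.g.
//   @create('Store', 'owner')                -> action "create", only when store.owner === username
//   @set('Store', 'CREATE_PRODUCT', 'owner') -> custom action, same ownership condition
//   @create('Store')                         -> action "create" for any owner
function parseRule(role: Role, annotation: string): Rule {
  const m = /^@(create|read|update|delete|set)\(([^)]*)\)$/.exec(annotation.trim());
  if (!m) throw new Error(`unrecognised annotation: ${annotation}`);
  const args = m[2].split(",").map(a => a.trim().replace(/^'|'$/g, ""));
  const [model, ...rest] = args;
  const action = m[1] === "set" ? rest.shift() : m[1];
  if (!model || !action) throw new Error(`missing arguments in: ${annotation}`);
  return { role, model, action, ownerField: rest[0] };
}

// Constructed rule table mirroring the enum Role in the proposal above.
const rules: Rule[] = [
  parseRule("USER", "@create('Store', 'owner')"),
  parseRule("USER", "@set('Store', 'CREATE_PRODUCT', 'owner')"),
  parseRule("ADMIN", "@create('Store')"),
];

// Deny by default: access is granted only when a rule for the user's role matches the
// model and action, and the optional ownership condition holds on the target record.
function isAllowed(user: User, action: string, model: string, target: { [key: string]: unknown }): boolean {
  return rules.some(r =>
    r.role === user.role && r.model === model && r.action === action &&
    (r.ownerField === undefined || target[r.ownerField] === user.username));
}

// @auth('create', 'CREATE_PRODUCT', 'Store', 'storeId') on Product: resolve the Store
// referenced by product.storeId, then check the custom CREATE_PRODUCT permission on it.
function canCreateProduct(user: User, product: { storeId: string }, stores: Store[]): boolean {
  const store = stores.find(s => s._id === product.storeId);
  if (!store) return false; // dangling reference: deny rather than fall through to allow
  return isAllowed(user, "CREATE_PRODUCT", "Store", store);
}

// Constructed sample data for a stand-alone run.
const stores: Store[] = [{ _id: "s1", owner: "alice" }];
const alice: User = { username: "alice", role: "USER" };
const bob: User = { username: "bob", role: "USER" };
const admin: User = { username: "root", role: "ADMIN" };
```

Note that with the rules exactly as proposed, ADMIN has no CREATE_PRODUCT permission, so the admin is denied product creation even though they can create any Store.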