bluelibs / bluelibs

A collection of open-source software solutions designed for the modern web and enterprise scale.
https://www.bluelibs.com
MIT License
769 stars 23 forks

Security solutions for Blueprint #56

Open theodorDiaconu opened 3 years ago

theodorDiaconu commented 3 years ago

Security options with basic option in blueprint, roles, security owner, etc. Keep it in "Collection.security.ts" (overridable) inside the resolvers for GraphQL.

Some thoughts for a primitive API:

// Pure Basic Security Principles
collection({
   security: {
      [Roles.ADMIN]: collection.security.everything,
      [Roles.MANAGER]: ["edit", "create"]
   },
   fields: [ 
       field({
         security: {
             [Roles.ADMIN]: [ "view", "edit", "create" ]
         }
       })
   ]
});

theodorDiaconu commented 2 years ago

API Proposal:

security: {
    roles: {},
    'user': true | false | {} | collection.security.isolated("companyId", "companyId"),
    collection.security.tenant("companyId"),
    'anonymous':  {
        maxLimit: 100,
        maxDepth: 5,
        findOne: true | { filters, intersect },
        find: true | { filters, intersect }, 
        edit: true | { filters, fields: [], inside: "userId" },
        create: true | { own: "userId", fields },
        delete: true | { own: "userId", filters, "identity": "user._id" }
    }
},
fields: [
    field({
        // Should we define field-level security logic? Wouldn't it be too much repetition and ugly blueprints?
    })
]

shield.base.ts which is re-exported inside shield.base {}
// roles imported
export const shield: ShieldConfig<Post> = {
    roles: {

    }
}

shield(config, { resolvers });
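
How the role map from the first sketch could be evaluated deny-by-default, including what a field-level rule adds for write operations; this is an added example, not part of the issue and not BlueLibs code. The type names, `own`, `grants`, `canAccess`, `filterInput`, the string `"everything"` (standing in for `collection.security.everything`) and the `posts` config are all hypothetical.

```typescript
// Added example: hypothetical shapes modelled on the first sketch in this issue.
type Op = "view" | "edit" | "create" | "delete";
type Rule = "everything" | Op[]; // "everything" stands in for collection.security.everything
type RoleMap = Record<string, Rule>;
interface CollectionSecurity {
  security: RoleMap;
  fields: Record<string, { security?: RoleMap }>;
}

// Own-property lookup so keys such as "__proto__" or "constructor" never resolve.
function own<T>(obj: Record<string, T>, key: string): T | undefined {
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;
}

// True if any of the caller's roles grants `op`; roles absent from the map grant nothing.
function grants(map: RoleMap, roles: string[], op: Op): boolean {
  return roles.some((role) => {
    const rule = own(map, role);
    if (rule === undefined) return false;
    return rule === "everything" || rule.indexOf(op) !== -1;
  });
}

// Deny by default: the collection rule must pass first, then the field rule (if any) narrows it.
function canAccess(cfg: CollectionSecurity, roles: string[], op: Op, field?: string): boolean {
  if (!grants(cfg.security, roles, op)) return false;
  if (field === undefined) return true;
  const def = own(cfg.fields, field);
  if (def === undefined) return false; // field not declared in the blueprint
  return def.security ? grants(def.security, roles, op) : true;
}

// Strip fields the caller may not write before a mutation input reaches the database.
function filterInput(cfg: CollectionSecurity, roles: string[], op: "edit" | "create",
                     input: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const key of Object.keys(input)) {
    if (canAccess(cfg, roles, op, key)) out[key] = input[key];
  }
  return out;
}

// Constructed sample config: MANAGER can edit posts but not the ADMIN-only isApproved field.
const posts: CollectionSecurity = {
  security: { ADMIN: "everything", MANAGER: ["edit", "create"] },
  fields: { title: {}, isApproved: { security: { ADMIN: ["view", "edit", "create"] } } },
};
```

Without the field-level rule, a MANAGER's `edit` input would be accepted whole, so `isApproved` could be set by a role that was only meant to change `title`.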