OperationPermissions dependent on type ID

[flymedllva]

I would like to know if there are plans to develop OperationPermissions to support more complex rights sharing schemes?

Is it possible to make the role in OperationPermissions dependent on the type ID?

As an example of a scheme

type Home {
    id: ID!
    windows: [Window!]!
    doors: [Door!]!
}

type Window {
    id: ID!
    size: String!
}

type Door {
    id: ID!
    size: String!
}

Let's say we have two houses with IDs 10, 20 respectively

We want to make a separate role for each house, say:

• owner_home_10
• owner_home_20

Also for each house we want to divide groups of people into windows and doors:

• owner_home_10_view_doors
• owner_home_10_view_windows
• owner_home_20_view_doors
• owner_home_20_view_windows

If we have the role owner_home_10 we can view owner_home_10_view_doors and owner_home_10_view_windows, but we cannot view owner_home_20_view_doors and owner_home_20_view_windows

Since the Homes are created through an API need some mechanism for dynamically updating roles, say from an external service For example, if you have created a Home with ID 30 and the user requested an object with this ID you need to dynamically load the information about the role for this type

[nmaquet]

Hey Dmitry, thanks for your question. There are no current plans to extend OperationPermissions at this time. One of the design goals of Bramble is to keep the gateway as stateless and service-agnostic as possible. In your example, some amount of stateful lookup would be required to be performed by the gateway to determine whether access is authorised. IMHO this is best dealt with by underlying services and not the gateway itself. I would recommend you develop your authorisation logic in two passes - one coarse pass implemented at the gateway level (who can access which fields) and a second fine grained pass that contains more advance logic and is implemented by the underlying services. Hope that helps!