search

prisma / prisma1

💾 Database Tools incl. ORM, Migrations and Admin UI (Postgres, MySQL & MongoDB) [deprecated]
https://v1.prisma.io/docs/
Apache License 2.0
16.54k stars 862 forks source link

Use Composable Fragments for Permissions #120

Closed ejoebstl closed 6 years ago

ejoebstl commented 7 years ago

Currently, permissions with a custom audience are implemented by traversing a tree which starts at the node in question: 

query permitUsers($nodeId: ID) {
  allUsers(
    filter: {
      id: $nodeId
    }
  ) {
    id
  }
}

I suggest removing that preamble, and working with a fragment instead: 

fragment myCustomPermission on User {
  profiles(filter:{active:true}) {
    profileUrl
  }
}

This fragment can be named and internally inserted into the preamble: 

  query permitUsers($nodeId: ID) {
  allUsers(
    filter: {
      id: $nodeId
    }
  ) {
    ...myCustomPermission
  }
}

The main advantage is that you could compose these fragments. Since fragments are already supported in graphcool, this should be quite straight forward to achieve.

Care has to be taken from a UX approach though, since the preamble becomes less readable.

marktani commented 6 years ago

This issue has been moved to graphcool/graphcool-framework.