Prisma

have you thought about row-level security too, eg when i ask for all Posts, can I enforce it to filter by only that user id who requested it

That'll be a function of the normal resolver.

That's not really a permissions problem but functionality, e.g. show me my own posts

So for instance, if you want a user level posts query for signed in users... 

```
type Query {
    posts: [Post!]!  @isAuthenticated
}
```

If you want a "super user" that can read all posts.. 

```
type Query {
   allPosts: [Post!]! @hasRole(roles: ["ADMIN"])
}
```

okay, hopefully it will as i learn about the system more