# orm-help
k
Hey, all. I wanted to ask (before I put the effort into rolling my own solution) if anyone knows a good way to add role-based security for Prisma (any good libraries?). For both find queries and where queries. For example, "John has Manage_Group_A permissions, so any query they make on groups must be scoped to Group 'A'." They should be able to do
{ where: { group: { name: 'A' } } }
and
{ where: { user: { id: 1 } }, data: { groups: { connect: { name: 'A' } } } }
for example, but outside of that, their query should either be overridden with their allowed filters, or guarded against
s
https://prisma.slack.com/archives/CM2LEN7JL/p1612109204054000?thread_ts=1612105193.053800&cid=CM2LEN7JL This is how I do it when using Nexus. If you are not using Nexus, you could probably do something very similar - basically just getting the information about the user and using it to edit the where clause.
k
@Swapnull That's kind of what I was thinking, however I've run into "how do I deal with relations" without rewriting the same logic over and over again. It'd be good if I could get Prisma to run a model-level query-modifier function whenever it gets hit. So in my example, you can imagine both
restrictToUser()
and
restrictToUserGroup()
being run
m
A GraphQL solution suggested in one of the official Apollo blogs is GraphQL Shield. Doesn’t require Apollo if you’re not using it. Haven’t gotten complex enough to use it yet, but it looks good.
k
@Marcello I'll check it out!