dgraph
dgraph copied to clipboard
dgraph-io
Update After @auth validation
https://discuss.dgraph.io/t/feature-request-update-after-auth-validation/14799?u=amaster507
To be clear, we need update-after auth before Field Level Auth could even work, but they are two different things, unless you guys decide to combine them somehow.
This was promised to be worked on by the team next, and as far as I can see, the most requested feature other than Nested Filters from anyone who understands DGraph's limitations.
J
Just an additional note on the necessity of field level auth:
An important use case for this is the ability to add comments to a post where the post has a field:
type Post {
...
comments: [Comment]
}
If any user has update access to the post, the user is able to modify the whole post. Otherwise they are unable to add a comment to the post. Seeing as "Social media sites, Content Management Systems, and Ecommerce stores" are highlighted in the first page of the docs as use cases, it seems counterintuitive that this functionality isn't possible without some hacky workaround, that isn't consistent with the use of the @auth directive, when all of these use cases have this functionality as ubiquitously fundamental to their design.
The @auth directive could prove as an extremely powerful tool in allowing end users to access data from dgraph, and considering update-after-auth and field level updates are mentioned frequently, it seems an upheaval of the @auth directive is likely a necessity. Not ignoring of course the fact that the existing interface is clunky at best, and could be prone to errors in development.
The redevelopment of this is also beneficial, fiscally, for dgraph cloud, as if the @auth directive could be relied upon for all user access auth, it will reduce the need for purpose built API interfaces to be built on top of dgraph, allowing total public access to the dgraph DB. This in turn would increase the number requests made to the server...
just a thought.
