@hobofan Prisma will find its way into our Cloud offering over time. I can't commit to a timeline yet
@LawJolla et al - We have seen tremendous growth in our Cloud business since the launch. Watch out for announcements in this space over the coming months :-)
Huge fan and user of Graphcool the BaaS! My question concerns permissions.
I thought Graphcool did a phenomenal job of permission/authorization. The tutorials seem to kick authentication to the application layer. That seems appropriate.
I think one of GraphQL's pain points is lack of a permissions pattern. It's typically hand rolled at the field / resolver level, leaving a lot of messy code. Will permissions be a part of Prisma and, if so, is there a road map for how granular they can be?
Thank you so much for putting your trust in Graphcool!
The Graphcool Permission system is super interesting because it ads a surprising amount of expressive power to a declarative permission system. We actually brought over the idea to prisma-binding https://www.npmjs.com/package/prisma-binding by including the `exists` query. For now you have to manually perform the check in resolvers, so it is not a complete substitute.
Speaking of permissions in Prisma in general. For now it includes a fairly primitive token based system: You either have full access or no access at all. In the future we will add more fine-grained grants so you can give some users read access to specific types while preventing data mutations for example. The details are still being worked out, and this system will not be as flexible as Permission Queries in Graphcool Framework.
