It’s not specifically for Dgraph, but some of its principles or approach might be applicable as folks dig in. I’ve been writing a package for directive-based, fine-grained access control to use with neo4j-graphql-js that modifies filter arguments in the GraphQL query document AST to ensure connection to an arbitrary ACL path – could be extended to any GraphQL backend that uses a similar “filter” argument API.
My git repository is: imkleats/neo4j-graphql-deepauth. I lay out the more general AST translation approach in a separate repo: imkleats/graphql-ast-tools. I’ve been posting about my thoughts and design decisions in a series of articles on dev.to/imkleats as well.
Not suggesting this is the only way, the best way (or a “good” way), or even a way someone else hasn’t already thought of or implemented previously. I just thought I’d share to help facilitate those creative juices flowing.
Edit: @michaelcompton, I forgot to mention (since it’s a little off-topic for the thread) that I think the GraphQL query Document decomposition in imkleats/graphql-ast-tools could also be used to implement variable blocks in your Dgraph GraphQL queries.