I would be interested in adding the following to your schema:
type Owner @auth({ query: { rule: "query($USERNAME: String!) { queryOwner(filter: {username: { eq: $USERNAME } }) { username } }" } }) {
username: String! @id
hasRestaurants: [Restaurant] @hasInverse(field: owner)
}
type Country @auth({ query: { rule: "query($USERNAME: String!) { queryCountry { cities { restaurants { restaurant { owner(filter: {username: { eq: $USERNAME } }) { username } } } } } }" } }) { ... }
type City @auth({ query: { rule: "query($USERNAME: String!) { queryCity { restaurants { restaurant { owner(filter: {username: { eq: $USERNAME } }) { username } } } } }" } }) { ... }
...
type RestaurantAddress implements Location @auth({ query: { rule: "query($USERNAME: String!) { queryRestaurantAddress { restaurant { owner(filter: {username: { eq: $USERNAME } }) { username } } } }" } }) { ... }
type Restaurant @auth({ query: { rule: "query($USERNAME: String!) { queryRestaurant { owner(filter: {username: { eq: $USERNAME } }) { username } } }" } }) {
...
owner: Owner # after fixing adding Owners and linking them make this a required field. !
}
type Cuisine @auth({ query: { rule: "query($USERNAME: String!) { queryCuisine { restaurants { owner(filter: {username: { eq: $USERNAME } }) { username } } } }" } }) { ... }
type Dish @auth({ query: { rule: "query($USERNAME: String!) { queryDish { servedBy { owner(filter: {username: { eq: $USERNAME } }) { username } } } }" } }) { ... }
# Dgraph.Authorization {"VerificationKey":"secret-key","Header":"auth","Namespace":"https://myapp.io/jwt/claims","Algo":"HS256"}
Randomly assign the Restaurants to 10 different owners.
This essentially locks every piece of data down to only what the owner has access to through his linked Restaurant(s). Still allows full add/update/delete mutations though.
Then compare the original results to results when passing a token with the USERNAME in it.