This issue with lack of cascading delete, update-after-auth not verifying the post-update objects, and the lack of system generated fields like timestamps of fields which can be set using a caller’s JWT claim, have slammed the brakes on my investigation into using dgraph as a backend.
These issues very much prevent adoption of dgraph.