Another quick question: any suggestions on handling multi-tenancy? I saw this discussion from a while ago and what I was thinking is on the front-end API (generated through gqlgen) I’ll have various directives for filtering query access by user permissions (so different objects can only be fetched by users with specific permission levels) but I’m curious as to the best route to prevent users from accessing each other’s Orgs or across Projects in the contrived example below.
type Org {
Name: String!
Projects: [Project!]!
}
type Project {
Name: String!
Items: [Item!]!
}
type Item {
Name: String!
}
Where I could have multiple Orgs in the system and not want users belonging to one to be able to access Projects/Items in another Org. And also not have users who are invited to specific Projects within an org to not be able to see other Projects within the same org. Maybe this is a case for using directives again but I’m not sure if I want to attach Org/Projects to every other object within the schema? Just thinking out loud.