I’m not sure how i should implement programmatic access control to a given resource.
For example, i only want users who have a specific data attribute to be able to consume a specific resource. This goes beyond “roles”, it’s literally executing business logic to determine access.
For example, how can i leverage @custom to determine if a user has access to a resource and return an error of sorts, or a custom payload, if the @custom directive’s result doesn’t grant access to the requested resource?
It would be nice to see this as a code example somewhere