Prisma1: Permission Queries

I'm assuming that this is the "related user" permissions noted in docs earlier. If so, +1 from me as a high priority feature.

Crucial for security and authorization since you don't want users editing or deleting other people's objects.

This feature is now available for people in our Beta program. If you want to try this out before the official release, please get in touch :-)

I have a suggestion for adding a $now dateTime variable to the custom permission query. For my use case and I'm sure others who have subscription based billing, we update a billingDate when a payment is received like through a stripe webhook. I could then use billingDate_gte: $now to limit mutations or query to accounts that haven't paid in time. This would also be useful in invitations to allow a timeout permission. Currently I have a cron like job that cleans up expired permissions, but they could be late.

A separate general question regarding predefined queries such as custom permissions, would it be a good idea to allow arithmetic operations directly in the filter value such as count: $someNumber + 1. This is more theoretical but in the case of the billingDate if i wanted a grace period I could do billingDate_gte: $now + 3 day. I'm sure it would open up a lot of permission ideas for limiting read counts or write counts.

Keep up the good work :)

This proposal looks relevant: https://github.com/facebook/graphql/issues/271 :slightly_smiling_face:

Permission queries have now been released to production. :tada: Thanks everyone for testing this feature in the beta program!