@casl & Hasura permissions for multiple roles

[jozef-slezak]

@msvoro, this issue continues #31

Pages accessible only for certain roles

• Show hide menu using https://github.com/stalniy/casl
• Configure multiple roles and permissions https://hasura.io/docs/latest/graphql/core/auth/authorization/permission-rules.html

Entity Fields accessible only for certain roles

• Show hide entity fields using https://github.com/stalniy/casl
• use graphql query directives @skip/@include according to permissions https://hasura.io/docs/latest/graphql/core/databases/postgres/queries/variables-aliases-fragments-directives.html for individual fields

Extend Hasura for quering permissions

Implement either hasura action (on top of hasura permissions tables/views or rest api https://hasura.io/docs/latest/graphql/core/auth/authorization/permission-rules.html) or postgres function

query currentUserAbilities {
  currentUserAbilities {
    action
    subject
    fields
    conditions
  }
]

returns:

[
  {
    action: ['select', 'insert', 'update'],
    fields: ['id', 'seq', 'name', ...], 
    subject: 'Entity1',
    conditions: { created_by: '%current_user%'}
  },
  {
    inverted: true,
    action: ['select', 'insert', 'update', 'delete'],
    fields: ['id', 'seq', 'name', ...],
    subject: 'Entity2',
    conditions: { created_by: '%current_user%'}
  }
]

FYI, this example pull request will be used for codegen as an example.