I really want to like Hasura, but very quickly you'll run into limitations of its permission system. Especially when dealing with logic across relationships.
If only Hasura supported some king of Prolog / Datalog instead of their ad-hoc JSON language, then you'd be able to write nearly any possible use cases. Until then, I'll stick to building and maintaining my own backends... manually :(
One of the biggest pain points I found was modeling Organization/Team/Multi-Tenant based permissions.
Generally, the advice is to use a session variable like X-Hasura-Organization-Id to filter in permissions, but recently through a Discord conversation a means to do this without a session variable was found out and I took some time to publish it as a Gist:
Right, those are the kind of permissions I had trouble with. That gist works for reads based on membership (even if a little unintuitive), but I couldn't figure out how do writes that validate using roles & permissions.
If you’re looking for more flexibility than Hasura, I’d recommend you try out Warthog (disclaimer: I’m the author). It’s a Node Library that uses TypeORM, TypeGraphQL and some extra magic under the hood to let you spin up APIs very quickly (auto-generated schema), but you also have access to the bare metal code. You can set up CRUD essentially free, but it provides you a slew of ways to handle more complex scenarios.
If only Hasura supported some king of Prolog / Datalog instead of their ad-hoc JSON language, then you'd be able to write nearly any possible use cases. Until then, I'll stick to building and maintaining my own backends... manually :(