A node-based approach to authorization is relevant in GraphQL to enforce access rights.
Node-level authorization is something that all GraphQL API developers must keep in mind when exposing contextual data.
In terms of implementation, pagination management and performance can be a challenge. For example, to rely on SQL server-side pagination to handle large datasets, you have to check the permissions in the SQL query itself. If not, you have to filter the SQL query result (all the items!) and then determine the pagination information: the total count of authorized items, and whether a previous and a next page exist according to the page number (or cursor) and the list size requested by the user in the GraphQL query.
{
  allLists(page: {number: 10, size: 100}) {
    totalCount
    hasPreviousPage
    hasNextPage
    items {
      name
    }
  }
}
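As an added example (not code from the original article), the first option described above, checking permissions in the SQL query itself, can look like this in Python with SQLite. The `lists` and `list_acl` tables, the 1-based page numbers and the size cap of 100 are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: 7 lists; user 1 may read 5 of them, user 2 reads 2."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE lists (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE list_acl (list_id INTEGER, user_id INTEGER,
                               PRIMARY KEY (list_id, user_id));
    """)
    conn.executemany("INSERT INTO lists VALUES (?, ?)",
                     [(i, f"list-{i}") for i in range(1, 8)])
    acl = [(i, 1) for i in (1, 2, 4, 5, 7)] + [(3, 2), (6, 2)]
    conn.executemany("INSERT INTO list_acl VALUES (?, ?)", acl)
    return conn

# Constant SQL fragment (hypothetical schema). The permission check is part of
# both queries, so the count and the page only ever cover authorized rows.
AUTHZ = "FROM lists l JOIN list_acl a ON a.list_id = l.id WHERE a.user_id = ?"

def all_lists(conn, user_id, number, size):
    """Resolver for allLists(page:{number, size}); pages start at 1 (assumption)."""
    if number < 1 or not 1 <= size <= 100:   # size cap is an assumption
        raise ValueError("invalid page arguments")
    total = conn.execute(f"SELECT COUNT(*) {AUTHZ}", (user_id,)).fetchone()[0]
    offset = (number - 1) * size
    rows = conn.execute(
        f"SELECT l.name {AUTHZ} ORDER BY l.id LIMIT ? OFFSET ?",
        (user_id, size, offset)).fetchall()
    return {
        "totalCount": total,                         # authorized items only
        "hasPreviousPage": min(offset, total) > 0,   # authorized items before this page
        "hasNextPage": offset + len(rows) < total,   # authorized items after this page
        "items": [{"name": name} for (name,) in rows],
    }

if __name__ == "__main__":
    db = make_db()
    print(all_lists(db, user_id=1, number=2, size=2))
    print(all_lists(db, user_id=2, number=1, size=2))
```

Because the join on `list_acl` appears in both the `COUNT(*)` and the paged query, `totalCount` never reveals how many lists exist outside the caller's permissions.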