One of the biggest pain points I found was modeling Organization/Team/Multi-Tenant based permissions.
Generally, the advice is to use a session variable like X-Hasura-Organization-Id to filter in permissions, but recently through a Discord conversation a means to do this without a session variable was found out and I took some time to publish it as a Gist:
Right, those are the kind of permissions I had trouble with. That gist works for reads based on membership (even if a little unintuitive), but I couldn't figure out how do writes that validate using roles & permissions.
One of the biggest pain points I found was modeling Organization/Team/Multi-Tenant based permissions.
Generally, the advice is to use a session variable like X-Hasura-Organization-Id to filter in permissions, but recently through a Discord conversation a means to do this without a session variable was found out and I took some time to publish it as a Gist:
https://gist.github.com/GavinRay97/d7b8805078a47e00001e58eb8...
I would be interested in hearing what problems you had and seeing if there isn't some way around it, just for my own curiosity.