Roles&Permissions on query and mutations

[Levon770]

Can you suggest a good way to handle permissions. Like after custom logic the query returns "permission deny" error, same as 403 error.
Can't find any good idea. Currently the check was done in resolver. But bad thing is that each resolver has to call same function for permission check and return mixed Type. I am looking for idea of middleware, like authantication.

[le0daniel]

You could use a Dataloder, so you check for the permission once...