Owner role on edit

I've searched around different site but I have not found a solution yet, I have this kind of schema:

type Friendship @relation(name: "FOLLOW") {
  from: User
  to: User
  timestamp: Int
}

type User {
  uuid: ID!
  email: String
  username: String
  password: String
  friendship: [Friendship]
}

or

type Post {
  uuid: ID!
  text: String
  created: DateTime
  modified: DateTime
  owner: User @relation(name: "HAS_POSTS", direction: "IN")
  reviews: [Review] @relation(name: "HAS_REVIEWS", direction: "OUT")
}

and I want to allow the edit of these nodes only by the author of the node, is this possible somehow through neo4j or this is something achievable only through the app acl?

many thanks
Francesco

Hello Francesco,

At this time, the application would need to manage what data an end-user can edit.

In our next release of Neo4j (4.0) which will be available early next year, we are adding role-based access control which will make it easier for applications to manage who accesses different part of the graph.

Elaine

Have you seen the auth directives blog post from @William_Lyon?

Hi,

many thnaks both! yes I read it but is a bit different, my problem is not to create roles/scope but to define the ownership of the node and let only the owner edit this node...