
>* Generating our GraphQL API from Ent Schema

How do you make sure you don't accidentally expose unauthorized data to the user with auto-generated GraphQL APIs? Does Ent have built-in authorization validation?




I should have mentioned this, Ent has built-in authorization at the row level: https://entgo.io/docs/privacy

There are some gotchas with this, but like all auth you need to take the time to think through it and once you do it is extremely powerful. This approach means you can essentially forget about needing to scope queries to specific users throughout your codebase as Ent will automatically apply that part of the query wherever it is needed.

I know there have been some comments on this thread and others about coupling auth to your ORM; I think it's necessary, as it's otherwise too easy to forget this somewhere deep in your code and accidentally expose everything to the wrong user.
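The row-level approach the reply above describes, as an added stand-alone model in Go. This is example code written for this thread, not Ent's code and not the Ent privacy API: Decision, Policy, QueryRule, Viewer, WithViewer, TodoQuery, DefaultPolicy and QueryTodos are names assumed for the illustration, and the rows are constructed sample data. It shows the three parts that make the pattern work: a viewer carried on the request context, rules evaluated in order that may allow, deny, skip, or narrow the query, and one read path that always evaluates the policy before touching a row.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Decision is a rule's verdict: Allow or Deny end evaluation, Skip defers to
// the next rule. Model types for this example, not Ent's own.
type Decision int
const (
	Skip Decision = iota
	Allow
	Deny
)
var ErrDeny = errors.New("privacy: query denied")

// Viewer is the identity attached to the request context (assumed shape).
type Viewer struct{ UserID int; Admin bool }
type viewerKey struct{}

func WithViewer(ctx context.Context, v Viewer) context.Context {
	return context.WithValue(ctx, viewerKey{}, v)
}

// Todo is the protected row; TodoQuery is a minimal builder rules can narrow
// by appending predicates (a stand-in for WHERE clauses).
type Todo struct{ ID, OwnerID int }
type TodoQuery struct{ preds []func(Todo) bool }

func (q *TodoQuery) matches(t Todo) bool {
	for _, p := range q.preds {
		if !p(t) {
			return false
		}
	}
	return true
}

// QueryRule may narrow the query from the viewer in ctx, then decide.
type QueryRule func(ctx context.Context, q *TodoQuery) Decision

// Policy runs rules in order; first Allow or Deny wins; no decision means deny.
type Policy []QueryRule

func (p Policy) EvalQuery(ctx context.Context, q *TodoQuery) error {
	for _, rule := range p {
		switch rule(ctx, q) {
		case Allow:
			return nil
		case Deny:
			return ErrDeny
		}
	}
	return ErrDeny // deny by default: a policy that never decides is closed
}

// AllowIfAdmin short-circuits for admins; everyone else falls through.
func AllowIfAdmin(ctx context.Context, _ *TodoQuery) Decision {
	if v, ok := ctx.Value(viewerKey{}).(Viewer); ok && v.Admin {
		return Allow
	}
	return Skip
}

// FilterByOwner scopes the query to the viewer's rows; no viewer is a hard deny.
func FilterByOwner(ctx context.Context, q *TodoQuery) Decision {
	v, ok := ctx.Value(viewerKey{}).(Viewer)
	if !ok {
		return Deny
	}
	q.preds = append(q.preds, func(t Todo) bool { return t.OwnerID == v.UserID })
	return Allow
}

// DefaultPolicy: admins see every row, any other viewer only their own.
var DefaultPolicy = Policy{AllowIfAdmin, FilterByOwner}

// todos is constructed sample data standing in for a table.
var todos = []Todo{{ID: 1, OwnerID: 1}, {ID: 2, OwnerID: 2}, {ID: 3, OwnerID: 1}}

// QueryTodos is the only read path: the policy runs before any row is read, so
// code deep in the codebase cannot forget to scope the query to the caller.
func QueryTodos(ctx context.Context) ([]Todo, error) {
	q := &TodoQuery{}
	if err := DefaultPolicy.EvalQuery(ctx, q); err != nil {
		return nil, err
	}
	var out []Todo
	for _, t := range todos {
		if q.matches(t) {
			out = append(out, t)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(QueryTodos(WithViewer(context.Background(), Viewer{UserID: 1})))
	fmt.Println(QueryTodos(context.Background())) // [] privacy: query denied
}
```

Two checks are worth keeping when you write the real thing: a request with no viewer on the context must be denied, never run unfiltered, and a policy that reaches its end without any rule deciding should be treated as denied rather than silently allowed. In Ent itself the equivalent rules are attached to the schema's Policy() and evaluated by the generated client; see the linked privacy docs for the actual API.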



