Helloooo - we're in the process of evaluating Cerbos as a authorization provider, and I'm looking for a concrete example for how we'd support something like "list all orders the user has access to"? AFAIK, we'd be looking at using the

Query Planner API

, but I'm curious if there are any examples on how it's used? A bit more about our setup below: •

node

+

graphql

+

mongodb w/ mongoose

backend • We have

businesses

with

users

and

orders

attached to them ◦

business

<->

user

is an

n:m

relation ◦

business

<->

order

is a

1:n

relation • Users are assigned roles on a business by business basis ◦

viewer

-> can

read

all business orders ◦

owner

-> can

read

and

update

all business orders ◦

contractor

-> can

read

some business orders (contractors are granted read permissions to a specific set of orders on a case by case basis) Authorizing standard CRUD operations on a single

order

resource has been straightforward, but I'm not exactly sure how we should go about fetching and paginating a list of orders the a

user

can

view

for a given

business

Any insight would be helpful!

there's a couple repos with examples in the cerbos github org https://github.com/cerbos?q=query&amp;type=all&amp;language=&amp;sort=

Gotcha - the

demo-app-expenses

[github] seems to have an example of a

list

operation. Thanks!

There’re also examples with Prisma ORM: 1. https://github.com/cerbos/express-prisma-cerbos 2. https://github.com/cerbos/nextjs-prisma-cerbos

Rad - we unfortunately don't use Prisma, but helpful none-the-less, thanks!

Hi Logan, What database do you use? What library or ORM do you use to connect to it?

It’s

mongodb w/ mongoose

Hey @Logan we have an alpha version of a mongoose adapter published as

@cerbos/orm-mongoose

with the PR up here https://github.com/cerbos/query-plan-adapters/pull/16 if you would be willing to try it out