Fine Grained Authorisation
Can people indicate the best approach to fine grained authorisation within a T3 stack app. This means for each authenticated user, we have an Access Control List (ACL) which contains all the fine grain privileges a user has. Most examples are just trivial, e.g. two roles Admin and User. In real world business apps, we construct roles from many fine grained privileges. For each use case we need to control the UI elements and API calls which are allowed. This means grey-outs or removal of UI element, and restricting api calls. The API (which may be via GraphQL at this time) already checks the ACL and throws errors as appropriate. As we move to tRPC we will need the same. We are using NextAuth. What libraries or approaches can be recommended for implementing FGA in the T3 world?
