If you are not familiar with Fauna, it’s a database that is built for the modern serverless & JAM stack world. It is globally distributed, supports ACID transactions, has built in authentication, ABAC permissions model, and temporality. It is really quite interesting and powerful. For me it has replaced MongoDB and DynamoDB for my document stores.
If you have spent any time with it, you know you can do GraphQL and FQL to query the database. GraphQL allows for getting basic CRUD operations from the client. A schema is uploaded, and all the operations are instantly available to be used by your app.
FQL on the other hand is a custom functional query language for Fauna DB. It is functional in nature, and can be a little difficult to wrap your head around. But it is so much more powerful. While GraphQL handle CRUD operations, and is great client side, FQL is like it older sibling that can do a lot more. For example, creating databases, keys, roles and permissions, etc.
Because I want to use ABAC to handle what type of role a user account has and what they can do, that means I have to use FQL. So instead of splitting my code base and allowing CRUD operations to happen with GraphQL and administration actions, initialization of the database, and other tasks to happen in FQL. I might as well use it in both locations.
Quirks
It is not without its quirks though. For example the
If query function requires three arguments, condition, statement to run when condition is true, statement to run when condition is false. So it is a If/Else statement, and can’t be just a If statement. Well it turns out it can, if you pass null to either condition. In this example, If a user exists (any user), do nothing. Because the true statement is just
null. If no user exists, create a user document in the users collection. Another quirk are roles. They are called roles, as if you are assigning a logged in credential to a single resource. They sound as if someone in the
user role can not also be a admin role. But in reality the admin role does not redefine all permissions someone in the user role has. It layers on top if they meet the conditions to be in both the user and the admin role. So it’s very strange that they are called roles and not access.