Authorization system with access "role"s.

USER -> Should only have access to all Queries
MESS_ADMIN -> Should have access to both all Queries and Mess Mutations
ADMIN -> Should have access to both all Queries and all Mutations

Should be configurable easily, as more schema types will be added in future.
For example:
MERCHANT -> Should have access to all queries and Merchant type mutations

Use JWT if possible for Authentication.