Skip to content

Commit

Permalink
fix: incorrect policy injection for nested to-one relation inside a t…
Browse files Browse the repository at this point in the history 
…o-many parent (#777)
  • Loading branch information
@ymc9
ymc9 authored Oct 22, 2023
1 parent 916d3c1 commit 876e013
Show file tree
Hide file tree
Showing 4 changed files with 102 additions and 3 deletions.
2 changes: 1 addition & 1 deletion packages/runtime/src/enhancements/policy/policy-utils.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -515,7 +515,7 @@ export class PolicyUtil {
throw this.unknownError(`missing backLink field ${currField.backLink} in ${currField.type}`);
}

if (backLinkField.isArray) {
if (backLinkField.isArray && !mutating) {
// many-side of relationship, wrap with "some" query
currQuery[currField.backLink] = { some: { ...visitWhere } };
} else {
Expand Down
2 changes: 1 addition & 1 deletion tests/integration/tests/cli/plugins.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ describe('CLI Plugins Tests', () => {
'[email protected]',
'react',
'swr',
'@tanstack/react-query',
'@tanstack/react-query@^4.0.0',
'@trpc/server',
'@prisma/client@^4.0.0',
`${path.join(__dirname, '../../../../.build/zenstackhq-language-' + ver + '.tgz')}`,
Expand Down
52 changes: 51 additions & 1 deletion tests/integration/tests/enhancements/with-policy/nested-to-many.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -284,7 +284,7 @@ describe('With Policy:nested to-many', () => {
expect(r.m2).toEqual(expect.arrayContaining([expect.objectContaining({ id: '2', value: 3 })]));
});

it('update with create', async () => {
it('update with create from one to many', async () => {
const { withPolicy } = await loadSchema(
`
model M1 {
Expand Down Expand Up @@ -341,6 +341,56 @@ describe('With Policy:nested to-many', () => {
expect(r.m2).toHaveLength(3);
});

it('update with create from many to one', async () => {
const { withPolicy } = await loadSchema(
`
model M1 {
id String @id @default(uuid())
value Int
m2 M2[]
@@allow('read', true)
@@allow('create', value > 0)
@@allow('update', value > 1)
}
model M2 {
id String @id @default(uuid())
m1 M1? @relation(fields: [m1Id], references:[id])
m1Id String?
@@allow('all', true)
}
`
);

const db = withPolicy();

await db.m2.create({ data: { id: '1' } });

await expect(
db.m2.update({
where: { id: '1' },
data: {
m1: {
create: { value: 0 },
},
},
})
).toBeRejectedByPolicy();

await expect(
db.m2.update({
where: { id: '1' },
data: {
m1: {
create: { value: 1 },
},
},
})
).toResolveTruthy();
});

it('update with delete', async () => {
const { withPolicy, prisma } = await loadSchema(
`
Expand Down
49 changes: 49 additions & 0 deletions tests/integration/tests/regression/issue-764.test.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
import { loadSchema } from '@zenstackhq/testtools';

describe('Regression: issue 764', () => {
it('regression', async () => {
const { prisma, enhance } = await loadSchema(
`
model User {
id Int @id @default(autoincrement())
name String
post Post? @relation(fields: [postId], references: [id])
postId Int?
@@allow('all', true)
}
model Post {
id Int @id @default(autoincrement())
title String
User User[]
@@allow('all', true)
}
`
);

const db = enhance();

const user = await prisma.user.create({
data: { name: 'Me' },
});

await db.user.update({
where: { id: user.id },
data: {
post: {
upsert: {
create: {
title: 'Hello World',
},
update: {
title: 'Hello World',
},
},
},
},
});
});
});

0 comments on commit 876e013

Please sign in to comment.