@zenstackhq/plugin-policy 3.3.0-beta.3 → 3.3.0-beta.5

package/dist/index.js

@@ -4,13 +4,13 @@ var __name = (target, value) => __defProp(target, "name", { value, configurable:
 // src/functions.ts
 import { invariant as invariant4 } from "@zenstackhq/common-helpers";
 import { CRUD, QueryUtils as QueryUtils3 } from "@zenstackhq/orm";
-import { ExpressionWrapper as ExpressionWrapper2, ValueNode as ValueNode4 } from "kysely";
+import { ExpressionWrapper as ExpressionWrapper3, ValueNode as ValueNode4 } from "kysely";
 
 // src/policy-handler.ts
 import { invariant as invariant3 } from "@zenstackhq/common-helpers";
 import { getCrudDialect as getCrudDialect2, QueryUtils as QueryUtils2, RejectedByPolicyReason, SchemaUtils as SchemaUtils2 } from "@zenstackhq/orm";
 import { ExpressionUtils as ExpressionUtils4 } from "@zenstackhq/orm/schema";
-import { AliasNode as AliasNode3, BinaryOperationNode as BinaryOperationNode3, ColumnNode as ColumnNode3, DeleteQueryNode, expressionBuilder as expressionBuilder2, ExpressionWrapper, FromNode as FromNode2, IdentifierNode as IdentifierNode2, InsertQueryNode, OperationNodeTransformer, OperatorNode as OperatorNode3, ParensNode as ParensNode2, PrimitiveValueListNode, ReferenceNode as ReferenceNode3, ReturningNode, SelectAllNode, SelectionNode as SelectionNode2, SelectQueryNode as SelectQueryNode2, sql, TableNode as TableNode3, UpdateQueryNode, ValueNode as ValueNode3, ValuesNode, WhereNode as WhereNode2 } from "kysely";
+import { AliasNode as AliasNode3, BinaryOperationNode as BinaryOperationNode3, ColumnNode as ColumnNode3, DeleteQueryNode, expressionBuilder as expressionBuilder2, ExpressionWrapper as ExpressionWrapper2, FromNode as FromNode2, IdentifierNode as IdentifierNode2, InsertQueryNode, OperationNodeTransformer, OperatorNode as OperatorNode3, ParensNode as ParensNode2, PrimitiveValueListNode, ReferenceNode as ReferenceNode3, ReturningNode, SelectAllNode, SelectionNode as SelectionNode2, SelectQueryNode as SelectQueryNode2, sql, TableNode as TableNode3, UpdateQueryNode, ValueNode as ValueNode3, ValuesNode, WhereNode as WhereNode2 } from "kysely";
 import { match as match3 } from "ts-pattern";
 
 // src/column-collector.ts
@@ -36,7 +36,7 @@ var ColumnCollector = class extends KyselyUtils.DefaultOperationNodeVisitor {
 import { invariant as invariant2 } from "@zenstackhq/common-helpers";
 import { getCrudDialect, QueryUtils, SchemaUtils } from "@zenstackhq/orm";
 import { ExpressionUtils as ExpressionUtils3 } from "@zenstackhq/orm/schema";
-import { AliasNode as AliasNode2, BinaryOperationNode as BinaryOperationNode2, ColumnNode as ColumnNode2, expressionBuilder, FromNode, FunctionNode as FunctionNode2, IdentifierNode, OperatorNode as OperatorNode2, ReferenceNode as ReferenceNode2, SelectionNode, SelectQueryNode, TableNode as TableNode2, ValueListNode, ValueNode as ValueNode2, WhereNode } from "kysely";
+import { AliasNode as AliasNode2, BinaryOperationNode as BinaryOperationNode2, ColumnNode as ColumnNode2, expressionBuilder, ExpressionWrapper, FromNode, FunctionNode as FunctionNode2, IdentifierNode, OperatorNode as OperatorNode2, ReferenceNode as ReferenceNode2, SelectionNode, SelectQueryNode, TableNode as TableNode2, ValueListNode, ValueNode as ValueNode2, WhereNode } from "kysely";
 import { match as match2 } from "ts-pattern";
 
 // src/expression-evaluator.ts
@@ -287,6 +287,7 @@ var ExpressionTransformer = class {
   }
   client;
   dialect;
+  eb = expressionBuilder();
   constructor(client) {
     this.client = client;
     this.dialect = getCrudDialect(this.schema, this.clientOptions);
@@ -311,13 +312,15 @@ var ExpressionTransformer = class {
     if (!handler) {
       throw new Error(`Unsupported expression kind: ${expression.kind}`);
     }
-    return handler.value.call(this, expression, context);
+    const result = handler.value.call(this, expression, context);
+    invariant2("kind" in result, `expression handler must return an OperationNode: transforming ${expression.kind}`);
+    return result;
   }
   _literal(expr2) {
     return this.transformValue(expr2.value, typeof expr2.value === "string" ? "String" : typeof expr2.value === "boolean" ? "Boolean" : "Int");
   }
   _array(expr2, context) {
-    return ValueListNode.create(expr2.items.map((item) => this.transform(item, context)));
+    return this.dialect.buildArrayValue(expr2.items.map((item) => new ExpressionWrapper(this.transform(item, context))), expr2.type).toOperationNode();
   }
   _field(expr2, context) {
     if (context.contextValue) {
@@ -604,9 +607,11 @@ var ExpressionTransformer = class {
       return trueNode(this.dialect);
     } else if (value === false) {
       return falseNode(this.dialect);
+    } else if (Array.isArray(value)) {
+      return this.dialect.buildArrayValue(value.map((v) => new ExpressionWrapper(this.transformValue(v, type))), type).toOperationNode();
     } else {
       const transformed = this.dialect.transformInput(value, type, false) ?? null;
-      if (!Array.isArray(transformed)) {
+      if (typeof transformed !== "string") {
         return ValueNode2.createImmediate(transformed);
       } else {
         return ValueNode2.create(transformed);
@@ -630,8 +635,7 @@ var ExpressionTransformer = class {
     if (!func) {
       throw createUnsupportedError(`Function not implemented: ${expr2.function}`);
     }
-    const eb = expressionBuilder();
-    return func(eb, (expr2.args ?? []).map((arg) => this.transformCallArg(eb, arg, context)), {
+    return func(this.eb, (expr2.args ?? []).map((arg) => this.transformCallArg(arg, context)), {
       client: this.client,
       dialect: this.dialect,
       model: context.modelOrType,
@@ -651,21 +655,12 @@ var ExpressionTransformer = class {
     }
     return func;
   }
-  transformCallArg(eb, arg, context) {
-    if (ExpressionUtils3.isLiteral(arg)) {
-      return eb.val(arg.value);
-    }
+  transformCallArg(arg, context) {
     if (ExpressionUtils3.isField(arg)) {
-      return eb.ref(arg.field);
-    }
-    if (ExpressionUtils3.isCall(arg)) {
-      return this.transformCall(arg, context);
-    }
-    if (this.isAuthMember(arg)) {
-      const valNode = this.valueMemberAccess(this.auth, arg, this.authType);
-      return valNode ? eb.val(valNode.value) : eb.val(null);
+      return this.eb.ref(arg.field);
+    } else {
+      return new ExpressionWrapper(this.transform(arg, context));
     }
-    throw createUnsupportedError(`Unsupported argument expression: ${arg.kind}`);
   }
   _member(expr2, context) {
     if (ExpressionUtils3.isBinding(expr2.receiver)) {
@@ -1068,7 +1063,7 @@ var PolicyHandler = class extends OperationNodeTransformer {
       modelLevelFilter,
       node.where?.where ?? trueNode(this.dialect)
     ]);
-    const preUpdateCheckQuery = this.eb.selectFrom(mutationModel).select((eb) => eb.fn.coalesce(eb.fn.sum(this.dialect.castInt(new ExpressionWrapper(logicalNot(this.dialect, fieldLevelFilter)))), eb.lit(0)).as("$filteredCount")).where(() => new ExpressionWrapper(updateFilter));
+    const preUpdateCheckQuery = this.eb.selectFrom(mutationModel).select((eb) => eb.fn.coalesce(eb.fn.sum(this.dialect.castInt(new ExpressionWrapper2(logicalNot(this.dialect, fieldLevelFilter)))), eb.lit(0)).as("$filteredCount")).where(() => new ExpressionWrapper2(updateFilter));
     const preUpdateResult = await proceed(preUpdateCheckQuery.toOperationNode());
     if (preUpdateResult.rows[0].$filteredCount > 0) {
       throw createRejectedByPolicyError(mutationModel, RejectedByPolicyReason.NO_ACCESS, "some rows cannot be updated due to field policies");
@@ -1119,10 +1114,10 @@ var PolicyHandler = class extends OperationNodeTransformer {
       eb(eb.fn("COUNT", [
         eb.lit(1)
       ]), "=", Number(updateResult.numAffectedRows ?? 0)).as("$condition")
-    ]).where(() => new ExpressionWrapper(conjunction(this.dialect, [
+    ]).where(() => new ExpressionWrapper2(conjunction(this.dialect, [
       idConditions,
       postUpdateFilter
-    ]))).$if(needsBeforeUpdateJoin, (qb) => qb.leftJoin(() => new ExpressionWrapper(beforeUpdateTable).as("$before"), (join) => {
+    ]))).$if(needsBeforeUpdateJoin, (qb) => qb.leftJoin(() => new ExpressionWrapper2(beforeUpdateTable).as("$before"), (join) => {
       const idFields = QueryUtils2.requireIdFields(this.client.$schema, model);
       return idFields.reduce((acc, f) => acc.onRef(`${model}.${f}`, "=", `$before.${f}`), join);
     }));
@@ -1232,7 +1227,7 @@ var PolicyHandler = class extends OperationNodeTransformer {
         if (!columnName) {
           return update;
         }
-        const wrappedValue = sql`IF(${new ExpressionWrapper(filter)}, ${new ExpressionWrapper(update.value)}, ${sql.ref(columnName)})`.toOperationNode();
+        const wrappedValue = sql`IF(${new ExpressionWrapper2(filter)}, ${new ExpressionWrapper2(update.value)}, ${sql.ref(columnName)})`.toOperationNode();
         return {
           ...update,
           value: wrappedValue
@@ -1409,7 +1404,7 @@ var PolicyHandler = class extends OperationNodeTransformer {
       };
     }
     const eb = expressionBuilder2();
-    const selection = eb.case().when(new ExpressionWrapper(filter)).then(eb.ref(field)).else(null).end().as(field).toOperationNode();
+    const selection = eb.case().when(new ExpressionWrapper2(filter)).then(eb.ref(field)).else(null).end().as(field).toOperationNode();
     return {
       hasPolicies: true,
       selection: SelectionNode2.create(selection)
@@ -1489,9 +1484,9 @@ var PolicyHandler = class extends OperationNodeTransformer {
     invariant3(bValue !== null && bValue !== void 0, "B value cannot be null or undefined");
     const eb = expressionBuilder2();
     const filterA = this.buildPolicyFilter(m2m.firstModel, void 0, "update");
-    const queryA = eb.selectFrom(m2m.firstModel).where(eb(eb.ref(`${m2m.firstModel}.${m2m.firstIdField}`), "=", aValue)).select(() => new ExpressionWrapper(filterA).as("$t"));
+    const queryA = eb.selectFrom(m2m.firstModel).where(eb(eb.ref(`${m2m.firstModel}.${m2m.firstIdField}`), "=", aValue)).select(() => new ExpressionWrapper2(filterA).as("$t"));
     const filterB = this.buildPolicyFilter(m2m.secondModel, void 0, "update");
-    const queryB = eb.selectFrom(m2m.secondModel).where(eb(eb.ref(`${m2m.secondModel}.${m2m.secondIdField}`), "=", bValue)).select(() => new ExpressionWrapper(filterB).as("$t"));
+    const queryB = eb.selectFrom(m2m.secondModel).where(eb(eb.ref(`${m2m.secondModel}.${m2m.secondIdField}`), "=", bValue)).select(() => new ExpressionWrapper2(filterB).as("$t"));
     const queryNode = {
       kind: "SelectQueryNode",
       selections: [
@@ -1515,7 +1510,7 @@ var PolicyHandler = class extends OperationNodeTransformer {
     for (const def of allFields) {
       const index = fields.indexOf(def.name);
       if (index >= 0) {
-        allValues.push(new ExpressionWrapper(values[index]));
+        allValues.push(new ExpressionWrapper2(values[index]));
       } else {
         allValues.push(this.eb.lit(null));
       }
@@ -1524,7 +1519,7 @@ var PolicyHandler = class extends OperationNodeTransformer {
       allValues
     ]);
     const filter = this.buildPolicyFilter(model, void 0, "create");
-    const preCreateCheck = this.eb.selectFrom(valuesTable.as(model)).select(this.eb(this.eb.fn.count(this.eb.lit(1)), ">", 0).as("$condition")).where(() => new ExpressionWrapper(filter));
+    const preCreateCheck = this.eb.selectFrom(valuesTable.as(model)).select(this.eb(this.eb.fn.count(this.eb.lit(1)), ">", 0).as("$condition")).where(() => new ExpressionWrapper2(filter));
     const result = await proceed(preCreateCheck.toOperationNode());
     if (!result.rows[0]?.$condition) {
       throw createRejectedByPolicyError(model, RejectedByPolicyReason.NO_ACCESS);
@@ -1560,8 +1555,9 @@ var PolicyHandler = class extends OperationNodeTransformer {
           value = this.dialect.transformInput(item, fieldDef.type, !!fieldDef.array);
         }
         if (Array.isArray(value)) {
+          const fieldDef = QueryUtils2.requireField(this.client.$schema, model, fields[i]);
           result.push({
-            node: this.dialect.buildArrayLiteralSQL(value).toOperationNode(),
+            node: this.dialect.buildArrayValue(value, fieldDef.type).toOperationNode(),
             raw: value
           });
         } else {
@@ -1810,8 +1806,8 @@ var PolicyHandler = class extends OperationNodeTransformer {
     }
     const checkForOperation = operation === "read" ? "read" : "update";
     const joinTable = alias ?? tableName;
-    const aQuery = this.eb.selectFrom(m2m.firstModel).whereRef(`${m2m.firstModel}.${m2m.firstIdField}`, "=", `${joinTable}.A`).select(() => new ExpressionWrapper(this.buildPolicyFilter(m2m.firstModel, void 0, checkForOperation)).as("$conditionA"));
-    const bQuery = this.eb.selectFrom(m2m.secondModel).whereRef(`${m2m.secondModel}.${m2m.secondIdField}`, "=", `${joinTable}.B`).select(() => new ExpressionWrapper(this.buildPolicyFilter(m2m.secondModel, void 0, checkForOperation)).as("$conditionB"));
+    const aQuery = this.eb.selectFrom(m2m.firstModel).whereRef(`${m2m.firstModel}.${m2m.firstIdField}`, "=", `${joinTable}.A`).select(() => new ExpressionWrapper2(this.buildPolicyFilter(m2m.firstModel, void 0, checkForOperation)).as("$conditionA"));
+    const bQuery = this.eb.selectFrom(m2m.secondModel).whereRef(`${m2m.secondModel}.${m2m.secondIdField}`, "=", `${joinTable}.B`).select(() => new ExpressionWrapper2(this.buildPolicyFilter(m2m.secondModel, void 0, checkForOperation)).as("$conditionB"));
     return this.eb.and([
       aQuery,
       bQuery
@@ -1911,7 +1907,7 @@ var check = /* @__PURE__ */ __name((eb, args, { client, model, modelAlias, opera
   const policyHandler = new PolicyHandler(client);
   const op = arg2Node ? arg2Node.value : operation;
   const policyCondition = policyHandler.buildPolicyFilter(relationModel, void 0, op);
-  const result = eb.selectFrom(eb.selectFrom(relationModel).where(joinCondition).select(new ExpressionWrapper2(policyCondition).as("$condition")).as("$sub")).selectAll();
+  const result = eb.selectFrom(eb.selectFrom(relationModel).where(joinCondition).select(new ExpressionWrapper3(policyCondition).as("$condition")).as("$sub")).selectAll();
   return result;
 }, "check");