@zenstackhq/runtime 1.0.0-beta.20 → 1.0.0-beta.22

package/enhancements/policy/index.d.ts

@@ -1,5 +1,5 @@
 import { AuthUser } from '../../types';
-import type { ModelMeta, PolicyDef, ZodSchemas } from '../types';
+import type { CommonEnhancementOptions, ModelMeta, PolicyDef, ZodSchemas } from '../types';
 /**
  * Context for evaluating access policies
  */
@@ -9,13 +9,13 @@ export type WithPolicyContext = {
 /**
  * Options for @see withPolicy
  */
-export type WithPolicyOptions = {
+export interface WithPolicyOptions extends CommonEnhancementOptions {
     /**
      * Policy definition
      */
     policy?: PolicyDef;
     /**
-     * Model metatadata
+     * Model metadata
      */
     modelMeta?: ModelMeta;
     /**
@@ -26,7 +26,7 @@ export type WithPolicyOptions = {
      * Whether to log Prisma query
      */
     logPrismaQuery?: boolean;
-};
+}
 /**
  * Gets an enhanced Prisma client with access policy check.
  *

package/enhancements/policy/index.js

@@ -6,11 +6,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.withPolicy = void 0;
-const path_1 = __importDefault(require("path"));
 const semver_1 = __importDefault(require("semver"));
 const constants_1 = require("../../constants");
+const loader_1 = require("../../loader");
 const validation_1 = require("../../validation");
-const model_meta_1 = require("../model-meta");
 const proxy_1 = require("../proxy");
 const utils_1 = require("../utils");
 const handler_1 = require("./handler");
@@ -31,9 +30,9 @@ function withPolicy(prisma, context, options) {
     if (prismaVer && semver_1.default.lt(prismaVer, constants_1.PRISMA_MINIMUM_VERSION)) {
         console.warn(`ZenStack requires Prisma version "${constants_1.PRISMA_MINIMUM_VERSION}" or higher. Detected version is "${prismaVer}".`);
     }
-    const _policy = (_a = options === null || options === void 0 ? void 0 : options.policy) !== null && _a !== void 0 ? _a : getDefaultPolicy();
-    const _modelMeta = (_b = options === null || options === void 0 ? void 0 : options.modelMeta) !== null && _b !== void 0 ? _b : (0, model_meta_1.getDefaultModelMeta)();
-    const _zodSchemas = (_c = options === null || options === void 0 ? void 0 : options.zodSchemas) !== null && _c !== void 0 ? _c : getDefaultZodSchemas();
+    const _policy = (_a = options === null || options === void 0 ? void 0 : options.policy) !== null && _a !== void 0 ? _a : (0, loader_1.getDefaultPolicy)(options === null || options === void 0 ? void 0 : options.loadPath);
+    const _modelMeta = (_b = options === null || options === void 0 ? void 0 : options.modelMeta) !== null && _b !== void 0 ? _b : (0, loader_1.getDefaultModelMeta)(options === null || options === void 0 ? void 0 : options.loadPath);
+    const _zodSchemas = (_c = options === null || options === void 0 ? void 0 : options.zodSchemas) !== null && _c !== void 0 ? _c : (0, loader_1.getDefaultZodSchemas)(options === null || options === void 0 ? void 0 : options.loadPath);
     // validate user context
     if (context === null || context === void 0 ? void 0 : context.user) {
         const idFields = (0, utils_1.getIdFields)(_modelMeta, 'User');
@@ -44,39 +43,4 @@ function withPolicy(prisma, context, options) {
     return (0, proxy_1.makeProxy)(prisma, _modelMeta, (_prisma, model) => new handler_1.PolicyProxyHandler(_prisma, _policy, _modelMeta, _zodSchemas, model, context === null || context === void 0 ? void 0 : context.user, options === null || options === void 0 ? void 0 : options.logPrismaQuery), 'policy');
 }
 exports.withPolicy = withPolicy;
-function getDefaultPolicy() {
-    try {
-        return require('.zenstack/policy').default;
-    }
-    catch (_a) {
-        if (process.env.ZENSTACK_TEST === '1') {
-            try {
-                // special handling for running as tests, try resolving relative to CWD
-                return require(path_1.default.join(process.cwd(), 'node_modules', '.zenstack', 'policy')).default;
-            }
-            catch (_b) {
-                throw new Error('Policy definition cannot be loaded from default location. Please make sure "zenstack generate" has been run.');
-            }
-        }
-        throw new Error('Policy definition cannot be loaded from default location. Please make sure "zenstack generate" has been run.');
-    }
-}
-function getDefaultZodSchemas() {
-    try {
-        // eslint-disable-next-line @typescript-eslint/no-var-requires
-        return require('.zenstack/zod');
-    }
-    catch (_a) {
-        if (process.env.ZENSTACK_TEST === '1') {
-            try {
-                // special handling for running as tests, try resolving relative to CWD
-                return require(path_1.default.join(process.cwd(), 'node_modules', '.zenstack', 'zod'));
-            }
-            catch (_b) {
-                return undefined;
-            }
-        }
-        return undefined;
-    }
-}
 //# sourceMappingURL=index.js.map

package/enhancements/policy/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/enhancements/policy/index.ts"],"names":[],"mappings":";AAAA,uDAAuD;AACvD,uDAAuD;;;;;;AAEvD,gDAAwB;AACxB,oDAA4B;AAC5B,+CAAyD;AAEzD,iDAAgD;AAChD,8CAAoD;AACpD,oCAAqC;AAErC,oCAAuC;AACvC,uCAA+C;AAkC/C;;;;;;;GAOG;AACH,SAAgB,UAAU,CACtB,MAAgB,EAChB,OAA2B,EAC3B,OAA2B;;IAE3B,IAAI,CAAC,MAAM,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;KAC9C;IAED,MAAM,SAAS,GAAI,MAAc,CAAC,cAAc,CAAC;IACjD,IAAI,SAAS,IAAI,gBAAM,CAAC,EAAE,CAAC,SAAS,EAAE,kCAAsB,CAAC,EAAE;QAC3D,OAAO,CAAC,IAAI,CACR,qCAAqC,kCAAsB,qCAAqC,SAAS,IAAI,CAChH,CAAC;KACL;IAED,MAAM,OAAO,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,mCAAI,gBAAgB,EAAE,CAAC;IACtD,MAAM,UAAU,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,mCAAI,IAAA,gCAAmB,GAAE,CAAC;IAC/D,MAAM,WAAW,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,mCAAI,oBAAoB,EAAE,CAAC;IAElE,wBAAwB;IACxB,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE;QACf,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACjD,IACI,CAAC,IAAA,yBAAY,EACT,OAAO,CAAC,IAAI,EACZ,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAC9B,EACH;YACE,MAAM,IAAI,KAAK,CACX,kDAAkD,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpG,CAAC;SACL;KACJ;IAED,OAAO,IAAA,iBAAS,EACZ,MAAM,EACN,UAAU,EACV,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CACf,IAAI,4BAAkB,CAClB,OAA2B,EAC3B,OAAO,EACP,UAAU,EACV,WAAW,EACX,KAAK,EACL,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EACb,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,CAC1B,EACL,QAAQ,CACX,CAAC;AACN,CAAC;AAlDD,gCAkDC;AAED,SAAS,gBAAgB;IACrB,IAAI;QACA,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC;KAC9C;IAAC,WAAM;QACJ,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,GAAG,EAAE;YACnC,IAAI;gBACA,uEAAuE;gBACvE,OAAO,OAAO,CAAC,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC;aAC3F;YAAC,WAAM;gBACJ,MAAM,IAAI,KAAK,CACX,8GAA8G,CACjH,CAAC;aACL;SACJ;QACD,MAAM,IAAI,KAAK,CACX,8GAA8G,CACjH,CAAC;KACL;AACL,CAAC;AAED,SAAS,oBAAoB;IACzB,IAAI;QACA,8DAA8D;QAC9D,OAAO,OAAO,CAAC,eAAe,CAAC,CAAC;KACnC;IAAC,WAAM;QACJ,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,GAAG,EAAE;YACnC,IAAI;gBACA,uEAAuE;gBACvE,OAAO,OAAO,CAAC,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;aAChF;YAAC,WAAM;gBACJ,OAAO,SAAS,CAAC;aACpB;SACJ;QACD,OAAO,SAAS,CAAC;KACpB;AACL,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/enhancements/policy/index.ts"],"names":[],"mappings":";AAAA,uDAAuD;AACvD,uDAAuD;;;;;;AAEvD,oDAA4B;AAC5B,+CAAyD;AACzD,yCAA2F;AAE3F,iDAAgD;AAChD,oCAAqC;AAErC,oCAAuC;AACvC,uCAA+C;AAkC/C;;;;;;;GAOG;AACH,SAAgB,UAAU,CACtB,MAAgB,EAChB,OAA2B,EAC3B,OAA2B;;IAE3B,IAAI,CAAC,MAAM,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;KAC9C;IAED,MAAM,SAAS,GAAI,MAAc,CAAC,cAAc,CAAC;IACjD,IAAI,SAAS,IAAI,gBAAM,CAAC,EAAE,CAAC,SAAS,EAAE,kCAAsB,CAAC,EAAE;QAC3D,OAAO,CAAC,IAAI,CACR,qCAAqC,kCAAsB,qCAAqC,SAAS,IAAI,CAChH,CAAC;KACL;IAED,MAAM,OAAO,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,mCAAI,IAAA,yBAAgB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;IACvE,MAAM,UAAU,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,mCAAI,IAAA,4BAAmB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;IAChF,MAAM,WAAW,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,UAAU,mCAAI,IAAA,6BAAoB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,CAAC,CAAC;IAEnF,wBAAwB;IACxB,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EAAE;QACf,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACjD,IACI,CAAC,IAAA,yBAAY,EACT,OAAO,CAAC,IAAI,EACZ,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAC9B,EACH;YACE,MAAM,IAAI,KAAK,CACX,kDAAkD,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpG,CAAC;SACL;KACJ;IAED,OAAO,IAAA,iBAAS,EACZ,MAAM,EACN,UAAU,EACV,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CACf,IAAI,4BAAkB,CAClB,OAA2B,EAC3B,OAAO,EACP,UAAU,EACV,WAAW,EACX,KAAK,EACL,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,EACb,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,CAC1B,EACL,QAAQ,CACX,CAAC;AACN,CAAC;AAlDD,gCAkDC"}

package/enhancements/policy/policy-utils.d.ts

@@ -1,6 +1,7 @@
+import { ZodError } from 'zod';
 import { CrudFailureReason } from '../../constants';
 import { AuthUser, DbClientContract, DbOperations, FieldInfo, PolicyOperationKind } from '../../types';
-import { NestedWriteVisitorContext } from '../nested-write-vistor';
+import { NestedWriteVisitorContext } from '../nested-write-visitor';
 import type { ModelMeta, PolicyDef, ZodSchemas } from '../types';
 /**
  * Access policy enforcement utilities
@@ -55,14 +56,14 @@ export declare class PolicyUtil {
     /**
      * Injects model auth guard as where clause.
      */
-    injectAuthGuard(db: Record<string, DbOperations>, args: any, model: string, operation: PolicyOperationKind): Promise<boolean>;
+    injectAuthGuard(db: Record<string, DbOperations>, args: any, model: string, operation: PolicyOperationKind): boolean;
     private injectGuardForRelationFields;
     private injectGuardForToManyField;
     private injectGuardForToOneField;
     /**
      * Injects auth guard for read operations.
      */
-    injectForRead(db: Record<string, DbOperations>, model: string, args: any): Promise<boolean>;
+    injectForRead(db: Record<string, DbOperations>, model: string, args: any): boolean;
     private flattenGeneratedUniqueField;
     /**
      * Gets unique constraints for the given model.
@@ -71,7 +72,7 @@ export declare class PolicyUtil {
     /**
      * Builds a reversed query for the given nested path.
      */
-    buildReversedQuery(context: NestedWriteVisitorContext): Promise<any>;
+    buildReversedQuery(context: NestedWriteVisitorContext): any;
     private injectNestedReadConditions;
     /**
      * Given a model and a unique filter, checks the operation is allowed by policies and field validations.
@@ -104,7 +105,7 @@ export declare class PolicyUtil {
     injectReadCheckSelect(model: string, args: any): void;
     private doInjectReadCheckSelect;
     private makeAllScalarFieldSelect;
-    deniedByPolicy(model: string, operation: PolicyOperationKind, extra?: string, reason?: CrudFailureReason): Error;
+    deniedByPolicy(model: string, operation: PolicyOperationKind, extra?: string, reason?: CrudFailureReason, zodErrors?: ZodError): Error;
     notFound(model: string): Error;
     validationError(message: string): void;
     unknownError(message: string): void;
@@ -127,6 +128,10 @@ export declare class PolicyUtil {
      */
     postProcessForRead(data: any, model: string, queryArgs: any): void;
     private doPostProcessForRead;
+    /**
+     * Gets information for all fields of a model.
+     */
+    getModelFields(model: string): Record<string, FieldInfo>;
     /**
      * Gets information for a specific model field.
      */