Fullstack TypeScript toolkit that enhances Prisma ORM with flexible Authorization layer for RBAC/ABAC/PBAC/ReBAC, offering auto-generated type-safe APIs and frontend hooks.
Is your feature request related to a problem? Please describe.
Today, you can't mix fields from different models in a policy expression. For example, the following is not valid:
model Post {
...
comments Comment[]
}
model Comment {
...
post Post @relation(...)
@@allow('create', post.ownerId == ownerId)
}
The limitation is rooted from Prisma's lack of support to compare a field with a relation field. To do that, you'll have to resort to raw queries, and ZenStack doesn't generate raw queries.
Describe the solution you'd like
Make it work at least for some very common scenarios.
Is your feature request related to a problem? Please describe. Today, you can't mix fields from different models in a policy expression. For example, the following is not valid:
The limitation is rooted from Prisma's lack of support to compare a field with a relation field. To do that, you'll have to resort to raw queries, and ZenStack doesn't generate raw queries.
Describe the solution you'd like Make it work at least for some very common scenarios.