Closed aloisklink closed 3 months ago
Hi @aloisklink , thanks for reporting this!
It is indeed a regression introduced during a refactor. The design is that, for field-level policies, if there are allow rules, at least one of them needs to be satisfied to grant access; however, if there's no allow rule, access is allowed unless explicitly rejected by a deny rule.
I'm making a fix and will publish a patch release soon. I appreciate the updated test case. It made my life easier 😄.
Fixed in v2.2.2
I appreciate the updated test case. It made my life easier 😄.
:heart: I always feel bad reporting a bug unless I have good instructions on how to reproduce it. And writing a new test case is probably the most reproducible bug report!
Description and expected behavior
Since v2.2.0,
@deny('read', ...)
field-level policies never seem to return data when the condition isfalse
. Even@deny('read', false)
(which I'd expect to do nothing), doesn't seem to do anything.Screenshots
N/A
Environment (please complete the following information):
Additional context
I've added a test to the this repo that reproduces the problem.
The test works fine on the
v2.1.0
tag, but breaks on the latestdev
branch (aka commit 92f187f9190517df5baca795f12386c12c6694e9).See my commit that adds a test case to
tests/enhancements/with-policy/field-level-policy.test.ts
: https://github.com/zenstackhq/zenstack/commit/4bcb95849a48da116c2af0a222503d89da26c3ab (based onv2.1.0
).This test case works fine on v2.1.0, but breaks on v2.2.0.
`.patch` of test case in the tests/enhancements/with-policy/field-level-policy.test.ts file
```patch From 4bcb95849a48da116c2af0a222503d89da26c3ab Mon Sep 17 00:00:00 2001 From: Alois Klink