Closed ymc9 closed 1 year ago
+1 for this
Would like to have some protected fields, for instance we have
Organization {
id Int @id @default(autoincrement())
name String
notes String?
}
where "notes" would be perhaps an internal, non-customer-facing field that only people with a certain role could view. Right now, to accomplish something similar using only zenstack middleware, we need to create a separate "OrganizationNotes" table with a 1-to-1 relationship and put access policies on that table.
I like the idea of being able to supply an @allow
next to the column in question.
Organization {
id Int @id @default(autoincrement())
name String
notes String? @allow('all', auth().role >= 3)
}
+1 for this
My use case is for read
control on certain fields. I have a model where some fields should be private - visible only by admins and the author.
Suggestion from @keanugrievs:
Other thoughts: