Skip to content

Field level access policy doesn't overide the default deny behavior  #1014

New issue
New issue
Closed
Closed
Field level access policy doesn't overide the default deny behavior #1014
Labels
in-progressruntimeZenStack runtime related
Milestone
 
1.10.0
@jiashengguo

Description

@jiashengguo
jiashengguo
opened on Feb 20, 2024

It shows ACCESS_POLICY_VIOLATION error when trying to update authorId.

  model Post {
    id Int @id() @default(autoincrement())
    title String
    content String?
    author User? @relation(fields: [authorId], references: [id])
    authorId Int? @allow('update', true, true)

    @@allow('read', true)
  }

It works if adding an arbitrary update policy that never fulfill like @@allow('update', content == "123")

Metadata

Metadata

Assignees

No one assigned

    Labels

    in-progressruntimeZenStack runtime related

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions