From 4313b5ff04297d7f713045085f03d8801c186fde Mon Sep 17 00:00:00 2001 From: ymc9 <104139426+ymc9@users.noreply.github.com> Date: Sat, 5 Aug 2023 17:20:58 +0800 Subject: [PATCH 1/4] fix: improve consistency of generated guard code --- .../schema/src/plugins/access-policy/expression-writer.ts | 4 ++-- .../src/plugins/access-policy/policy-guard-generator.ts | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/schema/src/plugins/access-policy/expression-writer.ts b/packages/schema/src/plugins/access-policy/expression-writer.ts index e45bce0cb..3c7fbdd1d 100644 --- a/packages/schema/src/plugins/access-policy/expression-writer.ts +++ b/packages/schema/src/plugins/access-policy/expression-writer.ts @@ -43,8 +43,8 @@ type FilterOperators = // { OR: [] } filters to nothing, { AND: [] } includes everything // https://www.prisma.io/docs/concepts/components/prisma-client/null-and-undefined#the-effect-of-null-and-undefined-on-conditionals -const TRUE = '{ AND: [] }'; -const FALSE = '{ OR: [] }'; +export const TRUE = '{ AND: [] }'; +export const FALSE = '{ OR: [] }'; /** * Utility for writing ZModel expression as Prisma query argument objects into a ts-morph writer diff --git a/packages/schema/src/plugins/access-policy/policy-guard-generator.ts b/packages/schema/src/plugins/access-policy/policy-guard-generator.ts index 4e46072a1..513384df1 100644 --- a/packages/schema/src/plugins/access-policy/policy-guard-generator.ts +++ b/packages/schema/src/plugins/access-policy/policy-guard-generator.ts @@ -50,7 +50,7 @@ import { TypeScriptExpressionTransformerError, } from '../../utils/typescript-expression-transformer'; import { ALL_OPERATION_KINDS, getDefaultOutputFolder } from '../plugin-utils'; -import { ExpressionWriter } from './expression-writer'; +import { ExpressionWriter, FALSE, TRUE } from './expression-writer'; import { isFutureExpr } from './utils'; /** @@ -414,10 +414,10 @@ export default class PolicyGenerator { }); try { denies.forEach((rule) => { - writer.write(`if (${transformer.transform(rule, false)}) { return false; }`); + writer.write(`if (${transformer.transform(rule, false)}) { return ${FALSE}; }`); }); allows.forEach((rule) => { - writer.write(`if (${transformer.transform(rule, false)}) { return true; }`); + writer.write(`if (${transformer.transform(rule, false)}) { return ${TRUE}; }`); }); } catch (err) { if (err instanceof TypeScriptExpressionTransformerError) { From 0f7f327f8839a51aa324f2115107f05f04804b23 Mon Sep 17 00:00:00 2001 From: ymc9 <104139426+ymc9@users.noreply.github.com> Date: Sat, 5 Aug 2023 17:23:09 +0800 Subject: [PATCH 2/4] update --- .../schema/src/plugins/access-policy/policy-guard-generator.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/schema/src/plugins/access-policy/policy-guard-generator.ts b/packages/schema/src/plugins/access-policy/policy-guard-generator.ts index 513384df1..1fbba6800 100644 --- a/packages/schema/src/plugins/access-policy/policy-guard-generator.ts +++ b/packages/schema/src/plugins/access-policy/policy-guard-generator.ts @@ -426,7 +426,7 @@ export default class PolicyGenerator { throw err; } } - writer.write('return false;'); + writer.write(`return ${FALSE};`); }); } else { statements.push((writer) => { From fc9ea14538c4931c1e15e6e6f380745f6d096dd0 Mon Sep 17 00:00:00 2001 From: ymc9 <104139426+ymc9@users.noreply.github.com> Date: Sat, 5 Aug 2023 17:27:39 +0800 Subject: [PATCH 3/4] chore: bump version --- package.json | 2 +- packages/language/package.json | 2 +- packages/plugins/openapi/package.json | 2 +- packages/plugins/swr/package.json | 2 +- packages/plugins/tanstack-query/package.json | 2 +- packages/plugins/trpc/package.json | 2 +- packages/runtime/package.json | 2 +- packages/schema/package.json | 2 +- packages/sdk/package.json | 2 +- packages/server/package.json | 2 +- packages/testtools/package.json | 2 +- pnpm-lock.yaml | 14 ++++++++++++++ 12 files changed, 25 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index 4c35012c0..cb917a35e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "zenstack-monorepo", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "", "scripts": { "build": "pnpm -r build", diff --git a/packages/language/package.json b/packages/language/package.json index 5c2e8bc97..5a43da152 100644 --- a/packages/language/package.json +++ b/packages/language/package.json @@ -1,6 +1,6 @@ { "name": "@zenstackhq/language", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "displayName": "ZenStack modeling language compiler", "description": "ZenStack modeling language compiler", "homepage": "https://zenstack.dev", diff --git a/packages/plugins/openapi/package.json b/packages/plugins/openapi/package.json index 175cd84b7..888ad9fde 100644 --- a/packages/plugins/openapi/package.json +++ b/packages/plugins/openapi/package.json @@ -1,7 +1,7 @@ { "name": "@zenstackhq/openapi", "displayName": "ZenStack Plugin and Runtime for OpenAPI", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "ZenStack plugin and runtime supporting OpenAPI", "main": "index.js", "repository": { diff --git a/packages/plugins/swr/package.json b/packages/plugins/swr/package.json index 083912f6c..496c40008 100644 --- a/packages/plugins/swr/package.json +++ b/packages/plugins/swr/package.json @@ -1,7 +1,7 @@ { "name": "@zenstackhq/swr", "displayName": "ZenStack plugin for generating SWR hooks", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "ZenStack plugin for generating SWR hooks", "main": "index.js", "repository": { diff --git a/packages/plugins/tanstack-query/package.json b/packages/plugins/tanstack-query/package.json index 130c4b051..bf87033f7 100644 --- a/packages/plugins/tanstack-query/package.json +++ b/packages/plugins/tanstack-query/package.json @@ -1,7 +1,7 @@ { "name": "@zenstackhq/tanstack-query", "displayName": "ZenStack plugin for generating tanstack-query hooks", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "ZenStack plugin for generating tanstack-query hooks", "main": "index.js", "exports": { diff --git a/packages/plugins/trpc/package.json b/packages/plugins/trpc/package.json index 3f5723880..10c66c040 100644 --- a/packages/plugins/trpc/package.json +++ b/packages/plugins/trpc/package.json @@ -1,7 +1,7 @@ { "name": "@zenstackhq/trpc", "displayName": "ZenStack plugin for tRPC", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "ZenStack plugin for tRPC", "main": "index.js", "repository": { diff --git a/packages/runtime/package.json b/packages/runtime/package.json index 7cf48b668..0140101fd 100644 --- a/packages/runtime/package.json +++ b/packages/runtime/package.json @@ -1,7 +1,7 @@ { "name": "@zenstackhq/runtime", "displayName": "ZenStack Runtime Library", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "Runtime of ZenStack for both client-side and server-side environments.", "repository": { "type": "git", diff --git a/packages/schema/package.json b/packages/schema/package.json index 8de326b9a..73d1e5e87 100644 --- a/packages/schema/package.json +++ b/packages/schema/package.json @@ -3,7 +3,7 @@ "publisher": "zenstack", "displayName": "ZenStack Language Tools", "description": "A toolkit for building secure CRUD apps with Next.js + Typescript", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "author": { "name": "ZenStack Team" }, diff --git a/packages/sdk/package.json b/packages/sdk/package.json index d9e744361..a24fa7062 100644 --- a/packages/sdk/package.json +++ b/packages/sdk/package.json @@ -1,6 +1,6 @@ { "name": "@zenstackhq/sdk", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "ZenStack plugin development SDK", "main": "index.js", "scripts": { diff --git a/packages/server/package.json b/packages/server/package.json index 030f70d3d..cee55fb36 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,6 +1,6 @@ { "name": "@zenstackhq/server", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "displayName": "ZenStack Server-side Adapters", "description": "ZenStack server-side adapters", "homepage": "https://zenstack.dev", diff --git a/packages/testtools/package.json b/packages/testtools/package.json index 1836a12ef..f539df544 100644 --- a/packages/testtools/package.json +++ b/packages/testtools/package.json @@ -1,6 +1,6 @@ { "name": "@zenstackhq/testtools", - "version": "1.0.0-beta.13", + "version": "1.0.0-beta.15", "description": "ZenStack Test Tools", "main": "index.js", "publishConfig": { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a2294dad3..01fdcb97d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -4990,6 +4990,7 @@ packages: /chownr@1.1.4: resolution: {integrity: sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==} + requiresBuild: true dev: true optional: true @@ -5430,6 +5431,7 @@ packages: /decompress-response@6.0.0: resolution: {integrity: sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==} engines: {node: '>=10'} + requiresBuild: true dependencies: mimic-response: 3.1.0 dev: true @@ -5527,6 +5529,7 @@ packages: /detect-libc@2.0.1: resolution: {integrity: sha512-463v3ZeIrcWtdgIg6vI6XUncguvr2TnGl4SzDXinkt9mSLpBJKXT3mW6xT3VQdDN11+WVs29pgvivTc4Lp8v+w==} engines: {node: '>=8'} + requiresBuild: true dev: true optional: true @@ -6393,6 +6396,7 @@ packages: /expand-template@2.0.3: resolution: {integrity: sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==} engines: {node: '>=6'} + requiresBuild: true dev: true optional: true @@ -6879,6 +6883,7 @@ packages: /github-from-package@0.0.0: resolution: {integrity: sha512-SyHy3T1v2NUXn29OsWdxmK6RwHD+vkj3v8en8AOBZ1wBQ/hCAQ5bAQTD02kW4W9tUp/3Qh6J8r9EvntiyCmOOw==} + requiresBuild: true dev: true optional: true @@ -8475,6 +8480,7 @@ packages: /mkdirp-classic@0.5.3: resolution: {integrity: sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==} + requiresBuild: true dev: true optional: true @@ -8537,6 +8543,7 @@ packages: /napi-build-utils@1.0.2: resolution: {integrity: sha512-ONmRUqK7zj7DWX0D9ADe03wbwOBZxNAfF20PlGfCWQcD3+/MakShIHrMqx9YwPTfxDdF1zLeL+RGZiR9kGMLdg==} + requiresBuild: true dev: true optional: true @@ -8699,6 +8706,7 @@ packages: /node-abi@3.45.0: resolution: {integrity: sha512-iwXuFrMAcFVi/ZoZiqq8BzAdsLw9kxDfTC0HMyjXfSL/6CSDAGD5UmR7azrAgWV1zKYq7dUUMj4owusBWKLsiQ==} engines: {node: '>=10'} + requiresBuild: true dependencies: semver: 7.5.3 dev: true @@ -8706,6 +8714,7 @@ packages: /node-addon-api@4.3.0: resolution: {integrity: sha512-73sE9+3UaLYYFmDsFZnqCInzPyh3MqIwZO9cw58yIqAZhONrrabrYyYe3TuIqtIiOuTXVhsGau8hcrhhwSsDIQ==} + requiresBuild: true dev: true optional: true @@ -9344,6 +9353,7 @@ packages: resolution: {integrity: sha512-jAXscXWMcCK8GgCoHOfIr0ODh5ai8mj63L2nWrjuAgXE6tDyYGnx4/8o/rCgU+B4JSyZBKbeZqzhtwtC3ovxjw==} engines: {node: '>=10'} hasBin: true + requiresBuild: true dependencies: detect-libc: 2.0.1 expand-template: 2.0.3 @@ -9470,6 +9480,7 @@ packages: /pump@3.0.0: resolution: {integrity: sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==} + requiresBuild: true dependencies: end-of-stream: 1.4.4 once: 1.4.0 @@ -10035,11 +10046,13 @@ packages: /simple-concat@1.0.1: resolution: {integrity: sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==} + requiresBuild: true dev: true optional: true /simple-get@4.0.1: resolution: {integrity: sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==} + requiresBuild: true dependencies: decompress-response: 6.0.0 once: 1.4.0 @@ -10497,6 +10510,7 @@ packages: /tar-fs@2.1.1: resolution: {integrity: sha512-V0r2Y9scmbDRLCNex/+hYzvp/zyYjvFbHPNgVTKfQvVrb6guiE/fxP+XblDNR011utopbkex2nM4dHNV6GDsng==} + requiresBuild: true dependencies: chownr: 1.1.4 mkdirp-classic: 0.5.3 From aea7954f3f78871e1ae78ecdad32a7f786cbeed1 Mon Sep 17 00:00:00 2001 From: ymc9 <104139426+ymc9@users.noreply.github.com> Date: Sat, 5 Aug 2023 17:44:59 +0800 Subject: [PATCH 4/4] fix tests --- .../integration/tests/plugins/policy.test.ts | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/tests/integration/tests/plugins/policy.test.ts b/tests/integration/tests/plugins/policy.test.ts index 7358a8fb6..4b67dae7c 100644 --- a/tests/integration/tests/plugins/policy.test.ts +++ b/tests/integration/tests/plugins/policy.test.ts @@ -13,6 +13,9 @@ describe('Policy plugin tests', () => { process.chdir(origDir); }); + const TRUE = { AND: [] }; + const FALSE = { OR: [] }; + it('short-circuit', async () => { const model = ` model User { @@ -33,18 +36,18 @@ model M { const { policy } = await loadSchema(model); - expect(policy.guard.m.read({ user: undefined })).toEqual(false); - expect(policy.guard.m.read({ user: { id: '1' } })).toEqual(true); + expect(policy.guard.m.read({ user: undefined })).toEqual(FALSE); + expect(policy.guard.m.read({ user: { id: '1' } })).toEqual(TRUE); - expect(policy.guard.m.create({ user: undefined })).toEqual(false); - expect(policy.guard.m.create({ user: { id: '1' } })).toEqual(false); - expect(policy.guard.m.create({ user: { id: '1', value: 0 } })).toEqual(false); - expect(policy.guard.m.create({ user: { id: '1', value: 1 } })).toEqual(true); + expect(policy.guard.m.create({ user: undefined })).toEqual(FALSE); + expect(policy.guard.m.create({ user: { id: '1' } })).toEqual(FALSE); + expect(policy.guard.m.create({ user: { id: '1', value: 0 } })).toEqual(FALSE); + expect(policy.guard.m.create({ user: { id: '1', value: 1 } })).toEqual(TRUE); - expect(policy.guard.m.update({ user: undefined })).toEqual(false); - expect(policy.guard.m.update({ user: { id: '1' } })).toEqual(false); - expect(policy.guard.m.update({ user: { id: '1', value: 0 } })).toEqual(false); - expect(policy.guard.m.update({ user: { id: '1', value: 1 } })).toEqual(true); + expect(policy.guard.m.update({ user: undefined })).toEqual(FALSE); + expect(policy.guard.m.update({ user: { id: '1' } })).toEqual(FALSE); + expect(policy.guard.m.update({ user: { id: '1', value: 0 } })).toEqual(FALSE); + expect(policy.guard.m.update({ user: { id: '1', value: 1 } })).toEqual(TRUE); }); it('no short-circuit', async () => {