diff --git a/packages/schema/src/cli/cli-util.ts b/packages/schema/src/cli/cli-util.ts
index d32a51b08..d183e9be2 100644
--- a/packages/schema/src/cli/cli-util.ts
+++ b/packages/schema/src/cli/cli-util.ts
@@ -103,7 +103,7 @@ function validationAfterMerge(model: Model) {
 }
 // at most one `@@auth` model
- const dataModels = getDataModels(model);
+ const dataModels = getDataModels(model, true);
 const authModels = dataModels.filter((d) => hasAttribute(d, '@@auth'));
 if (authModels.length > 1) {
 console.error(colors.red('Validation error: Multiple `@@auth` models are not allowed'));
diff --git a/packages/schema/src/plugins/access-policy/policy-guard-generator.ts b/packages/schema/src/plugins/access-policy/policy-guard-generator.ts
index fb6f3c57b..6ad36a18f 100644
--- a/packages/schema/src/plugins/access-policy/policy-guard-generator.ts
+++ b/packages/schema/src/plugins/access-policy/policy-guard-generator.ts
@@ -817,7 +817,7 @@ export default class PolicyGenerator {
 );
 if (hasAuthRef) {
- const authModel = getAuthModel(getDataModels(model.$container));
+ const authModel = getAuthModel(getDataModels(model.$container, true));
 if (!authModel) {
 throw new PluginError(name, 'Auth model not found');
 }
diff --git a/packages/sdk/src/utils.ts b/packages/sdk/src/utils.ts
index e246461d0..abec6092b 100644
--- a/packages/sdk/src/utils.ts
+++ b/packages/sdk/src/utils.ts
@@ -34,8 +34,13 @@ import { PluginError, PluginOptions } from './types';
 /**
 * Gets data models that are not ignored
 */
-export function getDataModels(model: Model) {
- return model.declarations.filter((d): d is DataModel => isDataModel(d) && !hasAttribute(d, '@@ignore'));
+export function getDataModels(model: Model, includeIgnored = false) {
+ const r = model.declarations.filter((d): d is DataModel => isDataModel(d));
+ if (includeIgnored) {
+ return r;
+ } else {
+ return r.filter((model) => !hasAttribute(model, '@@ignore'));
+ }
 }
 export function resolved(ref: Reference): T {
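Review bot: The bare `true` passed to `getDataModels` in `validationAfterMerge` (cli-util.ts) and again in the `hasAuthRef` branch of policy-guard-generator.ts does not say why ignored models are wanted here, and the reason is security-relevant: the model that types `auth()` may itself carry `@@ignore`. A one-line comment at each call, such as `// include @@ignore'd models: the auth model may be ignored but still backs auth()`, would keep a later cleanup from dropping the flag. Any other auth-model lookup outside these hunks presumably needs the same flag, otherwise validation and policy generation could disagree on which model is the auth model. Both enclosing functions start and end outside their hunks.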
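Review bot: The doc comment above `getDataModels` in packages/sdk/src/utils.ts still reads "Gets data models that are not ignored", which is no longer true once `includeIgnored` is set. It should describe the parameter, for example `* Gets data models, excluding those marked @@ignore unless includeIgnored is true`, plus a sentence that the flag exists for auth-model resolution. The callback parameter in the added filter also shadows the outer `model` argument; `return r.filter((d) => !hasAttribute(d, '@@ignore'));` avoids the confusion, and the `else` after `return r;` can be dropped.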
diff --git a/tests/integration/tests/enhancements/with-policy/auth.test.ts b/tests/integration/tests/enhancements/with-policy/auth.test.ts
index 38ee87a9c..8f095f677 100644
--- a/tests/integration/tests/enhancements/with-policy/auth.test.ts
+++ b/tests/integration/tests/enhancements/with-policy/auth.test.ts
@@ -213,6 +213,61 @@ describe('With Policy: auth() test', () => {
 await expect(adminDb.post.create({ data: { title: 'abc' } })).toResolveTruthy();
 });
+ it('User model ignored', async () => {
+ const { withPolicy } = await loadSchema(
+ `
+ model User {
+ id String @id @default(uuid())
+ role String
+
+ @@ignore
+ }
+
+ model Post {
+ id String @id @default(uuid())
+ title String
+
+ @@allow('read', true)
+ @@allow('create', auth().role == 'ADMIN')
+ }
+ `
+ );
+
+ const userDb = withPolicy({ id: 'user1', role: 'USER' });
+ await expect(userDb.post.create({ data: { title: 'abc' } })).toBeRejectedByPolicy();
+
+ const adminDb = withPolicy({ id: 'user1', role: 'ADMIN' });
+ await expect(adminDb.post.create({ data: { title: 'abc' } })).toResolveTruthy();
+ });
+
+ it('Auth model ignored', async () => {
+ const { withPolicy } = await loadSchema(
+ `
+ model Foo {
+ id String @id @default(uuid())
+ role String
+
+ @@auth()
+ @@ignore
+ }
+
+ model Post {
+ id String @id @default(uuid())
+ title String
+
+ @@allow('read', true)
+ @@allow('create', auth().role == 'ADMIN')
+ }
+ `
+ );
+
+ const userDb = withPolicy({ id: 'user1', role: 'USER' });
+ await expect(userDb.post.create({ data: { title: 'abc' } })).toBeRejectedByPolicy();
+
+ const adminDb = withPolicy({ id: 'user1', role: 'ADMIN' });
+ await expect(adminDb.post.create({ data: { title: 'abc' } })).toResolveTruthy();
+ });
+
+ it('collection predicate', async () => {
 const { enhance, prisma } = await loadSchema(
 `
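Review bot: Both new tests ('User model ignored' and 'Auth model ignored') check only an authenticated USER and an authenticated ADMIN, so the anonymous case is never exercised against an ignored auth model. If `withPolicy` accepts a call with no user, as it appears to elsewhere in this suite, adding `await expect(withPolicy().post.create({ data: { title: 'abc' } })).toBeRejectedByPolicy();` to each test would pin the deny-by-default path. The changed `validationAfterMerge` check is also untested here: a schema with two `@@auth` models, one of them `@@ignore`d, should now be rejected, and a test asserting that would cover the cli-util.ts change.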