got todo sample running with policies

Author: ymc9

packages/cli/test/ts-schema-gen.test.ts

@@ -144,8 +144,7 @@ model Post {
                                             kind: 'array',
                                             items: [
                                                 {
-                                                    kind: 'ref',
-                                                    model: 'Post',
+                                                    kind: 'field',
                                                     field: 'authorId',
                                                 },
                                             ],
@@ -157,8 +156,7 @@ model Post {
                                             kind: 'array',
                                             items: [
                                                 {
-                                                    kind: 'ref',
-                                                    model: 'User',
+                                                    kind: 'field',
                                                     field: 'id',
                                                 },
                                             ],
@@ -167,9 +165,8 @@ model Post {
                                     {
                                         name: 'onDelete',
                                         value: {
-                                            kind: 'ref',
-                                            model: 'ReferentialAction',
-                                            field: 'Cascade',
+                                            kind: 'literal',
+                                            value: 'Cascade',
                                         },
                                     },
                                 ],

packages/runtime/src/client/crud/operations/base.ts

@@ -865,6 +865,7 @@ export abstract class BaseOperationHandler<Schema extends SchemaDef> {
                     this.dialect.buildFilter(eb, model, model, combinedWhere)
                 )
                 .set(updateFields)
+                // TODO: return selectively
                 .returningAll();
 
             let updatedEntity: any;
@@ -1555,6 +1556,7 @@ export abstract class BaseOperationHandler<Schema extends SchemaDef> {
         const query = kysely
             .deleteFrom(model)
             .where((eb) => this.dialect.buildFilter(eb, model, model, where))
+            // TODO: return selectively
             .$if(returnData, (qb) => qb.returningAll());
 
         // const result = await this.queryExecutor.execute(kysely, query);
@@ -1607,4 +1609,17 @@ export abstract class BaseOperationHandler<Schema extends SchemaDef> {
         }
         return returnRelation;
     }
+
+    protected async safeTransaction<T>(
+        callback: (tx: ToKysely<Schema>) => Promise<T>
+    ) {
+        if (this.kysely.isTransaction) {
+            return callback(this.kysely);
+        } else {
+            return this.kysely
+                .transaction()
+                .setIsolationLevel('repeatable read')
+                .execute(callback);
+        }
+    }
 }

packages/runtime/src/client/crud/operations/create.ts

@@ -1,7 +1,7 @@
 import { match } from 'ts-pattern';
+import { RejectedByPolicyError } from '../../../plugins/policy/errors';
 import type { GetModels, SchemaDef } from '../../../schema';
 import type { CreateArgs, CreateManyArgs } from '../../crud-types';
-import { RejectedByPolicyError } from '../../errors';
 import { getIdValues } from '../../query-utils';
 import { BaseOperationHandler } from './base';
 
@@ -27,31 +27,15 @@ export class CreateOperationHandler<
     }
 
     private async runCreate(args: CreateArgs<Schema, GetModels<Schema>>) {
-        let result: any;
-        try {
-            result = await this.kysely
-                .transaction()
-                .setIsolationLevel('repeatable read')
-                .execute(async (tx) => {
-                    const createResult = await this.create(
-                        tx,
-                        this.model,
-                        args.data
-                    );
-                    return this.readUnique(tx, this.model, {
-                        select: args.select,
-                        include: args.include,
-                        where: getIdValues(
-                            this.schema,
-                            this.model,
-                            createResult
-                        ),
-                    });
-                });
-        } catch (err) {
-            // console.error(err);
-            throw err;
-        }
+        // TODO: avoid using transaction for simple create
+        const result = await this.safeTransaction(async (tx) => {
+            const createResult = await this.create(tx, this.model, args.data);
+            return this.readUnique(tx, this.model, {
+                select: args.select,
+                include: args.include,
+                where: getIdValues(this.schema, this.model, createResult),
+            });
+        });
 
         if (!result) {
             throw new RejectedByPolicyError(

packages/runtime/src/client/crud/operations/delete.ts

@@ -28,34 +28,24 @@ export class DeleteOperationHandler<
     async runDelete(
         args: DeleteArgs<Schema, Extract<keyof Schema['models'], string>>
     ) {
-        const returnRelations = this.needReturnRelations(this.model, args);
-
-        if (returnRelations) {
-            // employ a transaction
-            return this.kysely.transaction().execute(async (tx) => {
-                const existing = await this.readUnique(tx, this.model, {
-                    select: args.select,
-                    include: args.include,
-                    where: args.where,
-                });
-                if (!existing) {
-                    throw new NotFoundError(this.model);
-                }
-                await this.delete(tx, this.model, args.where, false);
-                return existing;
-            });
-        } else {
-            const result = await this.delete(
-                this.kysely,
-                this.model,
-                args.where,
-                true
-            );
-            if ((result as unknown[]).length < 1) {
-                throw new NotFoundError(this.model);
-            }
-            return this.trimResult(result[0], args);
+        const existing = await this.readUnique(this.kysely, this.model, {
+            select: args.select,
+            include: args.include,
+            where: args.where,
+        });
+        if (!existing) {
+            throw new NotFoundError(this.model);
+        }
+        const result = await this.delete(
+            this.kysely,
+            this.model,
+            args.where,
+            false
+        );
+        if (result.count === 0) {
+            throw new NotFoundError(this.model);
         }
+        return existing;
     }
 
     async runDeleteMany(

packages/runtime/src/client/crud/operations/update.ts

@@ -33,26 +33,23 @@ export class UpdateOperationHandler<
         if (hasRelationUpdate) {
             // employ a transaction
             try {
-                result = await this.kysely
-                    .transaction()
-                    .setIsolationLevel('repeatable read')
-                    .execute(async (tx) => {
-                        const updateResult = await this.update(
-                            tx,
+                result = await this.safeTransaction(async (tx) => {
+                    const updateResult = await this.update(
+                        tx,
+                        this.model,
+                        args.where,
+                        args.data
+                    );
+                    return this.readUnique(tx, this.model, {
+                        select: args.select,
+                        include: args.include,
+                        where: getIdValues(
+                            this.schema,
                             this.model,
-                            args.where,
-                            args.data
-                        );
-                        return this.readUnique(tx, this.model, {
-                            select: args.select,
-                            include: args.include,
-                            where: getIdValues(
-                                this.schema,
-                                this.model,
-                                updateResult
-                            ),
-                        });
+                            updateResult
+                        ),
                     });
+                });
             } catch (err) {
                 // console.error(err);
                 throw err;

packages/runtime/src/client/errors.ts

@@ -15,9 +15,3 @@ export class NotFoundError extends Error {
         super(`Entity not found for model "${model}"`);
     }
 }
-
-export class RejectedByPolicyError extends Error {
-    constructor(reason?: string) {
-        super(reason ?? `Operation rejected by policy`);
-    }
-}

packages/runtime/src/client/executor/zenstack-query-executor.ts

@@ -7,6 +7,7 @@ import {
     Kysely,
     ReturningNode,
     SelectionNode,
+    SelectQueryNode,
     SingleConnectionProvider,
     UpdateQueryNode,
     WhereNode,
@@ -17,7 +18,6 @@ import {
     type QueryCompiler,
     type QueryResult,
     type RootOperationNode,
-    type SelectQueryNode,
     type TableNode,
 } from 'kysely';
 import { nanoid } from 'nanoid';
@@ -61,6 +61,15 @@ export class ZenStackQueryExecutor<
         return this.client.$options;
     }
 
+    private isCrudQueryNode(node: RootOperationNode) {
+        return (
+            SelectQueryNode.is(node) ||
+            InsertQueryNode.is(node) ||
+            UpdateQueryNode.is(node) ||
+            DeleteQueryNode.is(node)
+        );
+    }
+
     override async executeQuery(
         compiledQuery: CompiledQuery,
         queryId: QueryId
@@ -111,7 +120,6 @@ export class ZenStackQueryExecutor<
                 mutationInterceptionInfo
             );
 
-            // trim the result to the original query node
             if (oldQueryNode !== queryNode) {
                 // TODO: trim the result to the original query node
             }
@@ -162,9 +170,7 @@ export class ZenStackQueryExecutor<
     private proceedQuery(query: RootOperationNode, queryId: QueryId) {
         // run built-in transformers
         const finalQuery = this.nameMapper.transformNode(query);
-
         const compiled = this.compileQuery(finalQuery);
-
         return this.driver.txConnection
             ? super
                   .withConnectionProvider(
@@ -415,7 +421,6 @@ export class ZenStackQueryExecutor<
                     }
 
                     plugin.afterEntityMutation({
-                        // context: this.queryContext,
                         model: this.getMutationModel(queryNode),
                         action: mutationInterceptionInfo.action,
                         queryNode,

packages/runtime/src/plugins/policy/errors.ts

@@ -0,0 +1,8 @@
+/**
+ * Error thrown when an operation is rejected by access policy.
+ */
+export class RejectedByPolicyError extends Error {
+    constructor(reason?: string) {
+        super(reason ?? `Operation rejected by policy`);
+    }
+}

packages/runtime/src/plugins/policy/expression-transformer.ts

@@ -129,7 +129,7 @@ export class ExpressionTransformer<Schema extends SchemaDef> {
     @expr('null')
     // @ts-ignore
     private _null() {
-        return ValueNode.create(null);
+        return ValueNode.createImmediate(null);
     }
 
     @expr('binary')
@@ -275,21 +275,21 @@ export class ExpressionTransformer<Schema extends SchemaDef> {
                     BinaryOperationNode.create(
                         count,
                         OperatorNode.create('>'),
-                        ValueNode.create(0)
+                        ValueNode.createImmediate(0)
                     )
                 )
                 .with('!', () =>
                     BinaryOperationNode.create(
                         count,
                         OperatorNode.create('='),
-                        ValueNode.create(0)
+                        ValueNode.createImmediate(0)
                     )
                 )
                 .with('^', () =>
                     BinaryOperationNode.create(
                         count,
                         OperatorNode.create('='),
-                        ValueNode.create(0)
+                        ValueNode.createImmediate(0)
                     )
                 )
                 .exhaustive()
@@ -361,7 +361,7 @@ export class ExpressionTransformer<Schema extends SchemaDef> {
                 'Boolean'
             );
         } else {
-            throw new Error('Unsupported expression');
+            throw new Error('Unsupported binary expression with `auth()`');
         }
     }
 
@@ -511,7 +511,7 @@ export class ExpressionTransformer<Schema extends SchemaDef> {
         receiverType: string
     ) {
         if (!receiver) {
-            return ValueNode.create(null);
+            return ValueNode.createImmediate(null);
         }
 
         if (expr.members.length !== 1) {