fix: 🐛 fluent list relation mask

dennemark · Dec 6, 2024 · 5afde2e · 5afde2e
1 parent 64077dc
commit 5afde2e
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 33 deletions.
diff --git a/src/applyRuleRelationsQuery.ts b/src/applyRuleRelationsQuery.ts
@@ -77,11 +77,10 @@ function mergeArgsAndRelationQuery(args: any, relationQuery: any) {
           ...(args.include ?? {}),
           [k]: v
         }
-        mask[k] = removeNestedIncludeSelect(v.select)
+        mask[k] = args.where ? true : removeNestedIncludeSelect(v.select)
       }
     })
   }
-
   return {
     args,
     mask
@@ -165,31 +164,35 @@ function getNestedQueryRelations(args: any, abilities: PureAbility<AbilityTuple,
       inverted: false
     }
   }))
-  const ast = rulesToAST(ability, action, model)
-
-  const queryRelations = getRuleRelationsQuery(model, ast, creationSelectQuery === true ? {} : creationSelectQuery)
-    ;['include', 'select'].map((method) => {
-      if (args && args[method]) {
-        for (const relation in args[method]) {
-          if (model in relationFieldsByModel && relation in relationFieldsByModel[model]) {
-            const relationField = relationFieldsByModel[model][relation]
-
-            if (relationField) {
-              const nestedQueryRelations = deepMerge(
-                getNestedQueryRelations(args[method][relation], abilities, action === 'all' ? 'all' : 'read', relationField.type as Prisma.ModelName),
-                (typeof queryRelations[relation]?.select === 'object' ? queryRelations[relation]?.select : {})
-              )
-              if (nestedQueryRelations && Object.keys(nestedQueryRelations).length > 0) {
-                queryRelations[relation] = {
-                  ...(queryRelations[relation] ?? {}),
-                  select: nestedQueryRelations
+  try {
+    const ast = rulesToAST(ability, action, model)
+
+    const queryRelations = getRuleRelationsQuery(model, ast, creationSelectQuery === true ? {} : creationSelectQuery)
+      ;['include', 'select'].map((method) => {
+        if (args && args[method]) {
+          for (const relation in args[method]) {
+            if (model in relationFieldsByModel && relation in relationFieldsByModel[model]) {
+              const relationField = relationFieldsByModel[model][relation]
+
+              if (relationField) {
+                const nestedQueryRelations = deepMerge(
+                  getNestedQueryRelations(args[method][relation], abilities, action === 'all' ? 'all' : 'read', relationField.type as Prisma.ModelName),
+                  (typeof queryRelations[relation]?.select === 'object' ? queryRelations[relation]?.select : {})
+                )
+                if (nestedQueryRelations && Object.keys(nestedQueryRelations).length > 0) {
+                  queryRelations[relation] = {
+                    ...(queryRelations[relation] ?? {}),
+                    select: nestedQueryRelations
+                  }
                 }
               }
             }
           }
         }
-      }
-    })
-
-  return queryRelations
+      })
+    return queryRelations
+  } catch (e) {
+    console.error(`Your ability relation probably is missing an 'is': [relation]: { is: { id: 0 } }`)
+    throw e
+  }
 }
diff --git a/test/applyCaslToQuery.test.ts b/test/applyCaslToQuery.test.ts
@@ -108,9 +108,7 @@ describe('apply casl to query', () => {
             author: {
                 id: true,
                 posts: {
-                    thread: {
-                        creatorId: true
-                    }
+                    thread: true
                 }
             },
             thread: true

diff --git a/test/applyRuleRelationsQuery.test.ts b/test/applyRuleRelationsQuery.test.ts
@@ -258,11 +258,7 @@ describe('apply rule relations query', () => {
     const { args, mask } = applyRuleRelationsQuery(includeArgs, build(), 'read', 'User')
     expect(mask).toEqual({
       posts: {
-        author: {
-          threads: {
-            id: true
-          }
-        }
+        author: true
       }
     })
     expect(args?.include).toEqual({

diff --git a/test/extension.test.ts b/test/extension.test.ts
@@ -581,7 +581,7 @@ describe('prisma extension casl', () => {
                     }
                 },
             })
-            expect(result).toEqual({ author: { email: '1', posts: [{ id: 1, thread: null }] } })
+            expect(result).toEqual({ author: { email: '1', posts: [{ id: 1 }] } })
         })
 
         it('includes nested fields if query does not include properties to check for rules', async () => {
@@ -2090,6 +2090,39 @@ describe('prisma extension casl', () => {
             expect(result).toEqual({ email: '0', id: 0, casl: ['create', 'read', 'update', 'delete'] })
         })
     })
+    describe('filter query', () => {
+        it('removes query mask', async () => {
+            function builderFactory() {
+                const builder = abilityBuilder()
+                const { can, cannot } = builder
+
+                can('read', 'Thread')
+                can('read', 'Post', {
+                    threadId: 0,
+                    author: {
+                        is: {
+                            threads: {
+                                some: {
+                                    id: 0
+                                }
+                            }
+                        }
+                    }
+                })
+                can('read', 'User')
+
+                return builder
+            }
+            const client = seedClient.$extends(
+                useCaslAbilities(builderFactory, { permissionField: 'casl' })
+            )
+            const result = await client.user.findUnique({ where: { id: 0 } }).posts()
+            expect(result).toEqual([
+                { authorId: 0, text: "", threadId: 0, id: 0, casl: ['read'] }
+            ])
+
+        })
+    })
 })
 afterAll(async () => {
     await seedClient.$disconnect()