Yiming Cao
Yiming Cao
Good catch! Thanks for making the fix @DoctorFTB !
Hi @benjamintd , thanks for reporting this. I tried to reproduce it following your schema and couldn't see the issue. Do you mind sharing the full object that you passed...
It's currently mentioned in this part of reference: https://zenstack.dev/docs/reference/zmodel-language#model-level-policy and in the complete guide: https://zenstack.dev/docs/the-complete-guide/part1/access-policy/model-level Closing for now and we'll continue watching for similar comments and see how to improve.
I think this will be a very useful feature, but not straightforward to achieve. The reason behind is when evaluating access policies, ZenStack combines all rules in a model together...
> > ZenStack combines all rules in a model together and injects into a Prisma query (for better performance); so when a violation happens, it doesn't really know which rule...
Yes, that part of the analysis is too loose. I'll try to make some improvements in the next release.
Thanks for reporting this @cqh963852 . I'll make a fix in the v3 repo.
Hi @cqh963852 , thanks for making this PR! The original design was for a convenience concern. Consider the following example: ```zmodel model Post { ... @@allow('all', auth().role == 'ADMIN') }...
> > the current design still resolves auth() by checking all loaded models > > Could we adjust this design? maybe > > 1. If the user has specified entries,...