zenstack icon indicating copy to clipboard operation
zenstack copied to clipboard

Published 20 hours ago verified publisher icon zenstackhq

Add New Attributes @createdBy and @updatedBy

Open milimyname opened this issue 8 months ago • 4 comments

At first, I wanna thank u for creating and working on a great library! I got a request about new attributes to manage spaces/memberships better. Also, it was mentioned in discord.

Is your feature request related to a problem? Please describe. Introduce new attributes @updatedBy and @createdBy similar to Prisma's @updtedAt to avoid for creating manual relationships between schemas

Describe the solution you'd like

abstract model Base {
  id        String   @id @default(cuid())
  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt
}

abstract model BaseUser extends Base {
  createdById  String @createdBy @default(auth().id)
  updatedById String? @default(auth().id) @default(auth().id)
}

Describe alternatives you've considered

abstract model BaseUser extends Base {
  createdById String  @default(auth().id) @deny("update", true)
  createdBy   User    @relation("createdBy", fields: [createdById], references: [id], onDelete: SetNull)
  updatedById String? @default(auth().id)
  updatedBy   User?   @relation("updatedBy", fields: [updatedById], references: [id], onDelete: SetNull)
}

Additional context

The conversion in discord:

Mr. Zero5Um

ok, the best way I've come up with is to use an access policy to make sure >the updatedBy can't be set to an arbitrary user id. i can do this like this >@@allow('update', future().lastUpdatedBy == auth().id. Then with it >validating the update I can update lastUpdatedBy as part of any normal >update on a model w/o worrying about a malicious actor trying to update it >to another user. if anyone knows any more info or a better way to do this, it would be much >appreciated. btw- LOVE zenstack. when my company finally makes a dollar >i will be donating it to you

The comment from Mr. @ymc9

Hey @Zero5um , I think the post-update rule as you showed is the way to >go and there isn't a simpler way to do that today. Maybe we can introduce ?>an attribute @updatedBy in future releases (similar to Prisma's >@updtedAt). Please help file a feature request if you feel it's important. Thanks!

milimyname avatar Jun 13 '24 12:06 milimyname