zenstack icon indicating copy to clipboard operation
zenstack copied to clipboard
verified publisher icon zenstackhq

[Feature Request] New scope shorthand syntax in @@allow and @@deny

Open LilaRest opened this issue 1 year ago • 1 comments

Describe the solution you'd like To avoid repeating multiple time the condition of an access policy which is error-prone and harder to maintain, the @@allow and @@deny statements in ZModels could also accept an Array as first parameter.

Example:

@@allow(["read", "update", "delete"], auth() == this)

Instead of:

@@allow("read", auth() == this)
@@allow("update", auth() == this)
@@allow("delete", auth() == this)

Describe alternatives you've considered I've considered using something like that, but that's less explicit and so more error-prone:

@@allow("all", auth() == this)
@@deny("create", true)

LilaRest avatar Sep 18 '24 09:09 LilaRest

I just found in a random place in the docs that the valid syntax to achieve that is:

@@allow("read,update,delete", auth() == this)

So no issue here, just require a bit more documentation about this syntax.

LilaRest avatar Sep 18 '24 13:09 LilaRest

It's currently mentioned in this part of reference: https://zenstack.dev/docs/reference/zmodel-language#model-level-policy and in the complete guide: https://zenstack.dev/docs/the-complete-guide/part1/access-policy/model-level

Closing for now and we'll continue watching for similar comments and see how to improve.

ymc9 avatar Oct 27 '24 21:10 ymc9