Skip to content

feat: Support literal comparisons in authorization expressions#823

Merged
kingston merged 6 commits into
mainfrom
kingston/eng-1099-support-literal-comparisons-in-authorization-expressions
Mar 13, 2026
Merged

feat: Support literal comparisons in authorization expressions#823
kingston merged 6 commits into
mainfrom
kingston/eng-1099-support-literal-comparisons-in-authorization-expressions

Conversation

@kingston

@kingston kingston commented Mar 13, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • New Features

    • Support literal value comparisons in authorization expressions (e.g., model.status === 'active', 'active' === model.status)
    • Added strict inequality (!==) alongside === for comparisons
    • Validation warns when a literal's type is incompatible with the field's declared type
  • Bug Fixes / Improvements

    • Query/authorization generation now correctly emits literal values and flattens same-operator logical chains
  • Tests

    • Expanded test coverage for literal comparisons, operators, and logical flattening

@changeset-bot

changeset-bot Bot commented Mar 13, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: b36e385

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 21 packages
Name Type
@baseplate-dev/project-builder-lib Patch
@baseplate-dev/project-builder-server Patch
@baseplate-dev/project-builder-web Patch
@baseplate-dev/create-project Patch
@baseplate-dev/project-builder-cli Patch
@baseplate-dev/project-builder-common Patch
@baseplate-dev/project-builder-dev Patch
@baseplate-dev/plugin-auth Patch
@baseplate-dev/plugin-email Patch
@baseplate-dev/plugin-queue Patch
@baseplate-dev/plugin-rate-limit Patch
@baseplate-dev/plugin-storage Patch
@baseplate-dev/project-builder-test Patch
@baseplate-dev/code-morph Patch
@baseplate-dev/core-generators Patch
@baseplate-dev/fastify-generators Patch
@baseplate-dev/react-generators Patch
@baseplate-dev/sync Patch
@baseplate-dev/tools Patch
@baseplate-dev/ui-components Patch
@baseplate-dev/utils Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai

coderabbitai Bot commented Mar 13, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 300d6a33-5fb1-4645-9f5f-dec1ad2b8366

📥 Commits

Reviewing files that changed from the base of the PR and between cad6bba and b36e385.

📒 Files selected for processing (4)
  • .changeset/literal-comparisons-in-auth-expressions.md
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-acorn-parser.ts
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-validator.ts
  • packages/project-builder-server/src/compiler/backend/query-filter-compiler.ts
🚧 Files skipped from review as they are similar to previous changes (2)
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-acorn-parser.ts
  • .changeset/literal-comparisons-in-auth-expressions.md

📝 Walkthrough

Walkthrough

Adds support for literal value operands (string, number, boolean) in authorizer expression comparisons and strict inequality (!==), updates parsing, AST, validation (including literal-type checks), server codegen/query compilation, frontend validation wiring, and tests/changelog across lib, server, and web packages.

Changes

Cohort / File(s) Summary
AST & Core Types
packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-ast.ts
Adds LiteralValueNode and updates FieldComparisonNode to accept `FieldRefNode
Parser & AST Conversion
packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-acorn-parser.ts, .../authorizer-expression-parser.ts
Parses !== and literals, introduces convertFieldRefOrLiteral to allow field-vs-literal comparisons, prevents literal-to-literal comparisons, and collects model field type metadata.
Validation & Context
packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-validator.ts, .../authorizer-expression-validator.unit.test.ts
Adds fieldTypes: Map<string,string> to ModelValidationContext, validates literal-type compatibility with field types (warning on mismatch), updates createModelValidationContext signature to accept ModelConfig, and updates tests to use test helpers.
Server: Authorizer Codegen
packages/project-builder-server/src/compiler/backend/authorizer-compiler.ts, .../authorizer-compiler.unit.test.ts
Replaces field-only codegen with generateComparisonOperandCode to emit either field refs or serialized literals (strings quoted), and adds tests for ===/!== and literal comparisons.
Server: Query Filter Compilation
packages/project-builder-server/src/compiler/backend/query-filter-compiler.ts, .../query-filter-compiler.unit.test.ts
Extends generateFieldComparisonWhereCode to accept literals and operator, serializes literals for Prisma where code, adds collectLogicalOperands to flatten consecutive same logical operators, and expands tests for literal comparisons and flattening behavior.
Frontend Integration & Types
packages/project-builder-web/src/.../authorizer-expression-linter.ts, .../model-authorizer-role-form.tsx
Switches to imported ModelValidationContext, integrates createModelValidationContext so linter/autocomplete receive full validation context.
Tests & Helpers
packages/project-builder-lib/src/.../authorizer-expression-acorn-parser.unit.test.ts, other unit tests, #src/testing/definition-helpers.test-helper.js
Adds comprehensive unit tests for literal parsing/positions, operator handling, validation, and introduces createTestModel / createTestScalarField test helpers.
Changelog
.changeset/literal-comparisons-in-auth-expressions.md
New changeset documenting literal comparison support affecting lib, server, and web packages.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 68.18% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and clearly summarizes the main feature being added: support for literal value comparisons in authorization expressions, which is the central change across all modified files.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
  • 📝 Generate docstrings (stacked PR)
  • 📝 Generate docstrings (commit on current branch)
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch kingston/eng-1099-support-literal-comparisons-in-authorization-expressions
📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (1)
packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-validator.unit.test.ts (1)

679-695: Please add direct coverage for the new literal-validation branch.

These assertions only verify that fieldTypes is populated. A warning case like model.count === 1.5 and a passing case like model.status === 'active' would exercise validateLiteralTypeCompatibility() itself instead of only its setup.

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.changeset/literal-comparisons-in-auth-expressions.md:
- Around line 1-6: The changeset frontmatter is missing the non-private package
'@baseplate-dev/project-builder-web'; update the YAML frontmatter in
.changeset/literal-comparisons-in-auth-expressions.md by adding the line
"'@baseplate-dev/project-builder-web': patch" alongside the existing entries so
the frontmatter lists '@baseplate-dev/project-builder-lib',
'@baseplate-dev/project-builder-server', and
'@baseplate-dev/project-builder-web' as patch releases.

In
`@packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-acorn-parser.ts`:
- Around line 203-226: convertFieldRefOrLiteral currently only treats node.type
=== 'Literal', so signed numeric literals parsed as UnaryExpression (e.g., {
type: 'UnaryExpression', operator: '-', argument: Literal }) are misclassified;
update convertFieldRefOrLiteral to detect node.type === 'UnaryExpression' with
operator '+' or '-' and an argument that is a numeric Literal, compute the
signed numeric value (apply operator to argument.value) and return a
LiteralValueNode with that value and the original node.start/node.end; otherwise
fall through to existing logic and keep throwing AuthorizerExpressionParseError
for unsupported cases.

In
`@packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-validator.ts`:
- Around line 289-297: The validator groups 'int' with 'float'/'decimal' so an
expression like model.count === 1.5 passes; update the switch in
authorizer-expression-validator to treat 'int' separately: for fieldType ===
'int' return true only if literalJsType === 'number' AND the numeric value is an
integer (e.g., Number.isInteger or equivalent check on the literal value), while
keeping 'float' and 'decimal' accepting any numeric literal; use the existing
fieldType and literalJsType variables to locate and change the int case logic.

In
`@packages/project-builder-server/src/compiler/backend/query-filter-compiler.ts`:
- Around line 175-191: Add an explicit guard for model-vs-model comparisons
before the auth fallback: detect when both modelNode and otherNode have source
=== 'model' and throw a clear error (e.g., "model-to-model comparisons not
supported") instead of emitting ctx.auth.*; update the branch that currently
builds authExpr (`const authExpr = \`ctx.auth.\${otherNode.field}\``) to only
run when otherNode.source === 'auth', and keep the literalValue handling as-is;
reference modelNode, otherNode, operator and serializeLiteralValue when locating
the code to change.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c8a61e52-efb9-4339-a9e3-4aa51085b59e

📥 Commits

Reviewing files that changed from the base of the PR and between 41b09d1 and cad6bba.

📒 Files selected for processing (13)
  • .changeset/literal-comparisons-in-auth-expressions.md
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-acorn-parser.ts
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-acorn-parser.unit.test.ts
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-ast.ts
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-parser.ts
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-validator.ts
  • packages/project-builder-lib/src/schema/models/authorizer/authorizer-expression-validator.unit.test.ts
  • packages/project-builder-server/src/compiler/backend/authorizer-compiler.ts
  • packages/project-builder-server/src/compiler/backend/authorizer-compiler.unit.test.ts
  • packages/project-builder-server/src/compiler/backend/query-filter-compiler.ts
  • packages/project-builder-server/src/compiler/backend/query-filter-compiler.unit.test.ts
  • packages/project-builder-web/src/routes/data/models/edit.$key/-components/authorizer/authorizer-expression-linter.ts
  • packages/project-builder-web/src/routes/data/models/edit.$key/-components/authorizer/model-authorizer-role-form.tsx

Comment thread .changeset/literal-comparisons-in-auth-expressions.md
@kingston kingston merged commit 34fc44e into main Mar 13, 2026
10 checks passed
@kingston kingston deleted the kingston/eng-1099-support-literal-comparisons-in-authorization-expressions branch March 13, 2026 20:20
@github-actions github-actions Bot mentioned this pull request Mar 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant