Policy filtering should respect field-level access policies

When you use relation fields in query filters, ZenStack automatically injects the policies for the related model, so that the policies are still effective even if you're only filtering but not retrieving data.

E.g., for model:

```prisma
model User {
  ...
  role String
  posts Post[]
  @@allow('read', auth() == this)
}

model Post {
  ...
  author User? @relation(...)
  authorId Int?
}
```

If you query with:

```ts
db.post.findMany({ where: { author: { role: 'Author' } } })
```

The result will be filtered to exclude posts whose author field (`User`) is not readable. The reasoning is since you can't read the author field, you can't access its `role` field, so the `role: 'Author'` filter will evaluate to false.

However, the automatic relation filtering doesn't respect field-level access policies yet. There are two aspects about this problem:

1. If the related model is readable but some of the fields used to filter are not (due to field-level policies), ZenStack should behave as if the model were not readable.

```prisma
model User {
  ...
  role String @deny('read', true)
  posts Post[]
  @@allow('read', true)
}
```

2. If the related model is NOT readable but all of the fields used to filter are readable (due to field-level override policies), ZenStack should behave as if the model were readable.

```prisma
model User {
  ...
  role String @allow('read', true, true)
  posts Post[]
  @@allow('read', false)
}
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Policy filtering should respect field-level access policies #1454

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Policy filtering should respect field-level access policies #1454

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions