Typing Error in the middlware

[issam-seghir]

• User schema :

model User {
  id           String    @id @default(uuid())  @db.Uuid
  username     String    @unique
  email        String    @unique
  password     String
  firstName    String   @allow('read', auth().role == STUDENT && auth().teacher.userId != id ) // Students can only see name and profile pic of the teacher
  lastName     String    @allow('read', auth().role == STUDENT && auth().teacher.userId != id) // Students can only see name and profile pic of the teacher
  profilePic   String?   @default("https://i.imgur.com/zTSAKyM.png") @allow('read', auth().role == STUDENT && auth().teacher.userId != id ) // Students can only see name and profile pic of the teacher
  coverImg     String?   @default("https://i.imgur.com/p2aIYMy.png") @allow('read', auth().role == STUDENT && auth().teacher.userId != id ) // Students can only see name and profile pic of the teacher
  isEmailVerified Boolean? @default(false)
  isRegistered Boolean?  @default(false)
  isDisabled   Boolean?  @default(false)
  isDeleted    Boolean?  @default(false)
  createdAt    DateTime  @default(now())
  updatedAt    DateTime  @updatedAt
  deletedAt    DateTime? @db.Timestamptz(6)
  birthDate    DateTime?
  phone        String?   @unique
  gender       Gender
  country      String?
  state        String?

  //  Relations to other tables
  lessons      Lesson[]
  liveSessions LiveSession[]
  exams        Exam[]
  tokens       Token[]
  enrollments  Enrollment[]
  courses      Course[]      @relation("TeacherCourses")

  // Relations to specific roles
  admin   Admin?
  supervisor Supervisor?
  teacher Teacher?
  student Student?

  // Roles relation
  // roles Role[] @relation("UserRoles")
  role RoleType

  // ZenStack policies
  @@allow('all', auth().role == ADMIN) // Admin can perform all operations
  @@allow('read', auth().role != null) // Any logged-in user can read user data
  @@allow('create, update, delete', auth().id == id) // Users can manage their own data

  @@deny('delete', auth().id == id) // Admin cannot delete their own record
}

• req.user type :

import { User as PrismaUser, Teacher } from "@prisma/client";

declare global {
    // eslint-disable-next-line @typescript-eslint/no-namespace
    namespace Express {
        // eslint-disable-next-line @typescript-eslint/no-empty-object-type
         interface User extends PrismaUser {}
    }

}

Environment (please complete the following information):

• ZenStack version: 2.4.1
• Prisma version: 5.18.0
• Database type: Postgresql

Additional context
Add any other context about the problem here.

[ymc9]

Hi @issam-seghir , the teacher field is required in the generated enhance function because it's used in the access policies. ZenStack does this for an extra type checking to indicate the user object passed to enhance is not sufficient.

[ymc9]

I'm closing this issue for now as by-design, but please let me know if you have a different opinion. Thanks!