Skip to content

Prisma extensions break zenstack authorization #1859

New issue
New issue
Closed
Closed
Prisma extensions break zenstack authorization#1859
Labels
in-progress
Milestone
v2.9.0
@JoeRoddy

Description

@JoeRoddy
JoeRoddy
opened on Nov 14, 2024

Description and expected behavior
Currently I'm running into an issue with zenstack authorization and prisma extensions. The problem is like so:

Approach 1:

1. extend base prisma client (add custom methods that rely on other prisma calls)
2. pass extended prisma client to enhance()
^ custom methods are not authorized, (base methods working)

Approach 2 (what I would think should work):

1. pass base prisma client to enhance()
2. extend the enhanced zenstack client
^ custom methods are authorized, all base methods (findFirst, findMany) lose authorization

I have a prisma extension like so:

export const extendPrismaClient = (db: PrismaClient) =>
  db.$extends({
    model: {
      blogs: {
        findManyListView: (
          args: Parameters<typeof db.blogs.findMany>[0],
        ) => {
          return db.blogs.findMany({
            ...args,
            include: {
              // extra stuff
            },
          });
        },
      },
    },
  });

and then, to generate my zenstack client:

const getPrisma = () => {
  const session = await auth();
  const zenClient = enhance(prismaClient, {
    user: (_session?.user || undefined) as any,
  });

  return extendPrismaClient(zenClient);
}

^ If I extend my zenstack client (after enhancing), my authorization rules stop working, EXCEPT for my custom function

If I extend my prisma client, and pass that to enhance(), normal prisma functions are authorized, but my extended function is not.

Metadata

Metadata

Assignees

No one assigned

    Labels

    in-progress

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions