fix: wrong query guard generated when context user doesn't have an id

README.md

@@ -272,7 +272,7 @@ export const getServerSideProps: GetServerSideProps = async () => {
 
 ### [Database hosting considerations](/docs/ref/database-hosting-considerations.md)
 
-### [Setup logging](/docs/ref/setup-logging.md)
+### [Setting up logging](/docs/ref/setup-logging.md)
 
 ## Reach out to us for issues, feedback and ideas!
 

docs/ref/setup-logging.md

@@ -1,24 +1,24 @@
-# Setup Logging
+# Setting Up Logging
 
 ZenStack uses the following levels to control server-side logging:
 
-1. error
+-   error
 
     Error level logging
 
-1. warn
+-   warn
 
     Warning level logging
 
-1. info
+-   info
 
     Info level logging
 
-1. verbose
+-   verbose
 
     Verbose level logging
 
-1. query
+-   query
 
     Detailed database query logging
 
@@ -28,7 +28,24 @@ You can turn log levels on and off in `zenstack.config.json`:
 
 ```json
 {
-    "log": ["verbose", "info", "warn"]
+    "log": ["verbose", "info"]
+}
+```
+
+The settings shown above is an shorthand for:
+
+```json
+{
+    "log": [
+        {
+            "level": "verbose",
+            "emit": "stdout"
+        },
+        {
+            "level": "info",
+            "emit": "stdout"
+        }
+    ]
 }
 ```
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "zenstack-monorepo",
-    "version": "0.2.9",
+    "version": "0.2.10",
     "description": "",
     "scripts": {
         "build": "pnpm -r build",

packages/internal/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@zenstackhq/internal",
-    "version": "0.2.9",
+    "version": "0.2.10",
     "displayName": "ZenStack Internal Library",
     "description": "ZenStack internal runtime library. This package is for supporting runtime functionality of ZenStack and not supposed to be used directly.",
     "repository": {

packages/runtime/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@zenstackhq/runtime",
     "displayName": "ZenStack Runtime Library",
-    "version": "0.2.9",
+    "version": "0.2.10",
     "description": "This package contains runtime library for consuming client and server side code generated by ZenStack.",
     "repository": {
         "type": "git",

packages/schema/package.json

@@ -3,7 +3,7 @@
     "publisher": "zenstack",
     "displayName": "ZenStack Language Tools",
     "description": "ZenStack is a toolkit that simplifies full-stack development",
-    "version": "0.2.9",
+    "version": "0.2.10",
     "author": {
         "name": "ZenStack Team"
     },

packages/schema/src/generator/prisma/query-guard-generator.ts

@@ -160,7 +160,8 @@ export default class QueryGuardGenerator {
                 .addBody();
 
             func.addStatements(
-                `const user = context.user ?? { id: '${UNKNOWN_USER_ID}' };`
+                // make suer user id is always available
+                `const user = context.user?.id ? context.user : { ...context.user, id: '${UNKNOWN_USER_ID}' };`
             );
 
             // r = <guard object>;

samples/todo/package.json

@@ -1,6 +1,6 @@
 {
     "name": "todo",
-    "version": "0.2.9",
+    "version": "0.2.10",
     "private": true,
     "scripts": {
         "dev": "next dev",
@@ -17,8 +17,8 @@
     "dependencies": {
         "@heroicons/react": "^2.0.12",
         "@prisma/client": "^4.4.0",
-        "@zenstackhq/internal": "^0.2.9",
-        "@zenstackhq/runtime": "^0.2.9",
+        "@zenstackhq/internal": "^0.2.10",
+        "@zenstackhq/runtime": "^0.2.10",
         "bcryptjs": "^2.4.3",
         "daisyui": "^2.31.0",
         "moment": "^2.29.4",
@@ -42,6 +42,6 @@
         "postcss": "^8.4.16",
         "tailwindcss": "^3.1.8",
         "typescript": "^4.6.2",
-        "zenstack": "^0.2.9"
+        "zenstack": "^0.2.10"
     }
 }

tests/integration/tests/todo-e2e.test.ts

@@ -298,6 +298,26 @@ describe('Todo E2E Tests', () => {
         await list1CredClientUser1.get('/').expect(404);
     });
 
+    it('todo list with empty user id', async () => {
+        await createSpaceAndUsers();
+
+        await makeClient('/api/data/List', user1.id)
+            .post('/')
+            .send({
+                data: {
+                    id: 'list1',
+                    title: 'List 1',
+                    owner: { connect: { id: user1.id } },
+                    space: { connect: { id: space1.id } },
+                },
+            })
+            .expect(201);
+
+        await makeClient('/api/data/List', '')
+            .get('/')
+            .expect((resp) => expect(resp.body).toHaveLength(0));
+    });
+
     it('todo', async () => {
         await createSpaceAndUsers();
 

tests/integration/tests/utils.ts

@@ -52,7 +52,10 @@ export async function setup(schemaFile: string) {
 
             const options: RequestHandlerOptions = {
                 async getServerUser(req: NextApiRequest, res: NextApiResponse) {
-                    if (req.cookies.userId) {
+                    if (req.cookies.userId === '') {
+                        // simulate "undefined" user id
+                        return {} as { id: string};
+                    } else if (req.cookies.userId) {
                         return { id: req.cookies.userId };
                     } else {
                         return undefined;
@@ -108,7 +111,7 @@ export function makeClient(apiPath: string, userId?: string, queryArgs?: any) {
             prop: string | symbol,
             receiver: any
         ) {
-            if (!userId) {
+            if (userId === undefined) {
                 return Reflect.get(target, prop, receiver);
             }
 
@@ -119,6 +122,7 @@ export function makeClient(apiPath: string, userId?: string, queryArgs?: any) {
                 case 'del':
                 case 'delete':
                     return (url: string) => {
+                        // use userId cookie to simulate a logged in user
                         return target[prop](url).set('Cookie', [
                             `userId=${userId}`,
                         ]);