Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prisma - support hasIntersection operation #52

Open
1 task done
fabianlocker opened this issue Oct 13, 2023 · 0 comments
Open
1 task done

Prisma - support hasIntersection operation #52

fabianlocker opened this issue Oct 13, 2023 · 0 comments

Comments

@fabianlocker
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Feature description

With Cerbos policies it is possible to check for intersections of list elements, and make decisions based on hasIntersection.
It would be a great addition to relational queries and scalar lists to support this operation also for the Query Plan Adapter for Prisma ORM.

E.g. Entities with scalar lists or one-to-many / many-to-many relations could be checked for common attributes between principal and resource definition.

What would the ideal solution look like to you?

It would be ideal if the hasIntersection operation could be handled like other supported operations.

Who it could look like as an inspiration:

Relational:

model Resource {
  id               String         @id @default(cuid())
  aString          String
  aNumber          Int
  aBool            Boolean
  ownedBy          User[]
  createdBy        User           @relation(fields: [creatorId], references: [id], name: "creator")
  creatorId        String
  nested           NestedResource @relation(fields: [nestedResourceId], references: [id])
  nestedResourceId String
  tags             Tag[].         // new tags relation field
}


model Tag {
  id        String @id @default(cuid())
  value     String
  resources Resource[] // new resources relation field
}

Scalar List: https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-scalar-lists-arrays

model Resource {
  id               String         @id @default(cuid())
  aString          String
  aNumber          Int
  aBool            Boolean
  ownedBy          User[]
  createdBy        User           @relation(fields: [creatorId], references: [id], name: "creator")
  creatorId        String
  nested           NestedResource @relation(fields: [nestedResourceId], references: [id])
  nestedResourceId String
  tags             String[].         // new tags scalar list field
}

Cerbos Policy

# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json

apiVersion: api.cerbos.dev/v1
resourcePolicy:
  version: default
  resource: resource
  rules:
    - actions:
        - "hasIntersection"
      effect: EFFECT_ALLOW
      roles:
        - USER
      condition:
        match: 
          expr: hasIntersection(request.resource.attr.tags, request.principal.attr.tags)

Principal:

principal: { id: "user1", roles: ["USER"], attributes: {tags: ["Tag-1", "Tag-2"]} },

The resulting Prisma filter objects should look like:

Relational:

prisma.resource.findMany({
  where: { tags: { some: {name: in: ["Tag-1", "Tag-2"] } } },
})

Scalar List:

prisma.resource.findMany({
  where: { tags: { has: ["Tag-1", "Tag-2"] } },
})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fabianlocker