add owner to Space, fix "create" policy for SpaceUser

ymc9 · ymc9 · commit a9b0416054dc · 2024-12-22T21:44:09.000+08:00
diff --git a/app/api/model/[...path]/route.ts b/app/api/model/[...path]/route.ts
@@ -6,7 +6,12 @@ import { prisma } from 'server/db';
 // create an enhanced Prisma client with user context
 async function getPrisma() {
     const authObj = await auth();
-    return enhance(prisma, { user: authObj?.user });
+    if (authObj?.user) {
+        const user = await prisma.user.findUnique({ where: { id: authObj.user.id }, include: { memberships: true } });
+        return enhance(prisma, { user });
+    } else {
+        return enhance(prisma, { user: authObj?.user });
+    }
 }
 
 const handler = NextRequestHandler({ getPrisma, useAppDir: true });
diff --git a/lib/hooks/__model_meta.ts b/lib/hooks/__model_meta.ts
@@ -22,6 +22,20 @@ const metadata = {
                     name: "updatedAt",
                     type: "DateTime",
                     attributes: [{ "name": "@updatedAt", "args": [] }],
+                }, owner: {
+                    name: "owner",
+                    type: "User",
+                    isDataModel: true,
+                    backLink: 'ownedSpaces',
+                    isRelationOwner: true,
+                    foreignKeyMapping: { "id": "ownerId" },
+                }, ownerId: {
+                    name: "ownerId",
+                    type: "String",
+                    attributes: [{ "name": "@default", "args": [] }],
+                    defaultValueProvider: $default$Space$ownerId,
+                    isForeignKey: true,
+                    relationField: 'owner',
                 }, name: {
                     name: "name",
                     type: "String",
@@ -85,7 +99,7 @@ const metadata = {
                     name: "user",
                     type: "User",
                     isDataModel: true,
-                    backLink: 'spaces',
+                    backLink: 'memberships',
                     isRelationOwner: true,
                     foreignKeyMapping: { "id": "userId" },
                 }, userId: {
@@ -140,8 +154,14 @@ const metadata = {
                     name: "name",
                     type: "String",
                     isOptional: true,
-                }, spaces: {
-                    name: "spaces",
+                }, ownedSpaces: {
+                    name: "ownedSpaces",
+                    type: "Space",
+                    isDataModel: true,
+                    isArray: true,
+                    backLink: 'owner',
+                }, memberships: {
+                    name: "memberships",
                     type: "SpaceUser",
                     isDataModel: true,
                     isArray: true,
@@ -384,12 +404,16 @@ const metadata = {
     ,
     deleteCascade: {
         space: ['SpaceUser', 'List'],
-        user: ['SpaceUser', 'List', 'Todo', 'Account'],
+        user: ['Space', 'SpaceUser', 'List', 'Todo', 'Account'],
         list: ['Todo'],
     }
     ,
     authModel: 'User'
 };
+function $default$Space$ownerId(user: any): unknown {
+    return user?.id;
+}
+
 function $default$List$ownerId(user: any): unknown {
     return user?.id;
 }
diff --git a/lib/hooks/space.ts b/lib/hooks/space.ts
@@ -328,7 +328,7 @@ export function useSuspenseCountSpace<TArgs extends Prisma.SpaceCountArgs, TQuer
     return useSuspenseModelQuery<TQueryFnData, TData, TError>('Space', `${endpoint}/space/count`, args, options, fetch);
 }
 
-export function useCheckSpace<TError = DefaultError>(args: { operation: PolicyCrudKind; where?: { id?: string; name?: string; slug?: string }; }, options?: (Omit<UseQueryOptions<boolean, TError, boolean>, 'queryKey'> & ExtraQueryOptions)) {
+export function useCheckSpace<TError = DefaultError>(args: { operation: PolicyCrudKind; where?: { id?: string; ownerId?: string; name?: string; slug?: string }; }, options?: (Omit<UseQueryOptions<boolean, TError, boolean>, 'queryKey'> & ExtraQueryOptions)) {
     const { endpoint, fetch } = getHooksContext();
     return useModelQuery<boolean, boolean, TError>('Space', `${endpoint}/space/check`, args, options, fetch);
 }
diff --git a/prisma/migrations/20241222133651_add_space_owner/migration.sql b/prisma/migrations/20241222133651_add_space_owner/migration.sql
@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - Added the required column `ownerId` to the `Space` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "Space" ADD COLUMN     "ownerId" TEXT NOT NULL;
+
+-- AddForeignKey
+ALTER TABLE "Space" ADD CONSTRAINT "Space_ownerId_fkey" FOREIGN KEY ("ownerId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -22,6 +22,8 @@ model Space {
   id        String      @id() @default(uuid())
   createdAt DateTime    @default(now())
   updatedAt DateTime    @updatedAt()
+  owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+  ownerId   String
   name      String
   slug      String      @unique()
   members   SpaceUser[]
@@ -49,7 +51,8 @@ model User {
   emailVerified DateTime?
   password      String?
   name          String?
-  spaces        SpaceUser[]
+  ownedSpaces   Space[]
+  memberships   SpaceUser[]
   image         String?
   lists         List[]
   todos         Todo[]
diff --git a/schema.zmodel b/schema.zmodel
@@ -42,6 +42,8 @@ model Space {
     id        String      @id @default(uuid())
     createdAt DateTime    @default(now())
     updatedAt DateTime    @updatedAt
+    owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+    ownerId   String      @default(auth().id)
     name      String      @length(4, 50)
     slug      String      @unique @regex('^[0-9a-zA-Z]{4,16}$')
     members   SpaceUser[]
@@ -77,8 +79,14 @@ model SpaceUser {
     // require login
     @@deny('all', auth() == null)
 
-    // space admin can create/update/delete
-    @@allow('create,update,delete', space.members?[user == auth() && role == ADMIN])
+    // space owner can add any one
+    @@allow('create', space.owner == auth())
+    
+    // space admin can add anyone but not himself
+    @@allow('create', auth() != this.user && space.members?[user == auth() && role == ADMIN])
+
+    // space admin can update and delete
+    @@allow('update,delete', space.members?[user == auth() && role == ADMIN])
 
     // user can read entries for spaces which he's a member of
     @@allow('read', space.members?[user == auth()])
@@ -95,7 +103,8 @@ model User {
     emailVerified DateTime?
     password      String?     @password @omit
     name          String?
-    spaces        SpaceUser[]
+    ownedSpaces   Space[]
+    memberships   SpaceUser[]
     image         String?     @url
     lists         List[]
     todos         Todo[]
@@ -107,7 +116,7 @@ model User {
     @@allow('create', true)
 
     // can be read by users sharing any space
-    @@allow('read', spaces?[space.members?[user == auth()]])
+    @@allow('read', memberships?[space.members?[user == auth()]])
 
     // full access by oneself
     @@allow('all', auth() == this)
diff --git a/server/auth.ts b/server/auth.ts
@@ -62,6 +62,7 @@ const authOptions: NextAuthConfig = {
                 data: {
                     name: `${user.name || user.email}'s space`,
                     slug: nanoid(8),
+                    owner: { connect: { id: user.id } },
                     members: {
                         create: [
                             {

Original file line number	Diff line number	Diff line change
`@@ -328,7 +328,7 @@ export function useSuspenseCountSpace<TArgs extends Prisma.SpaceCountArgs, TQuer`
`328`	`328`	return useSuspenseModelQuery<TQueryFnData, TData, TError>('Space', `${endpoint}/space/count`, args, options, fetch);
`329`	`329`	`}`
`330`	`330`
`331`		`-export function useCheckSpace<TError = DefaultError>(args: { operation: PolicyCrudKind; where?: { id?: string; name?: string; slug?: string }; }, options?: (Omit<UseQueryOptions<boolean, TError, boolean>, 'queryKey'> & ExtraQueryOptions)) {`
	`331`	`+export function useCheckSpace<TError = DefaultError>(args: { operation: PolicyCrudKind; where?: { id?: string; ownerId?: string; name?: string; slug?: string }; }, options?: (Omit<UseQueryOptions<boolean, TError, boolean>, 'queryKey'> & ExtraQueryOptions)) {`
`332`	`332`	`const { endpoint, fetch } = getHooksContext();`
`333`	`333`	return useModelQuery<boolean, boolean, TError>('Space', `${endpoint}/space/check`, args, options, fetch);
`334`	`334`	`}`
Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ const authOptions: NextAuthConfig = {`
`62`	`62`	`data: {`
`63`	`63`	name: `${user.name \|\| user.email}'s space`,
`64`	`64`	`slug: nanoid(8),`
	`65`	`+ owner: { connect: { id: user.id } },`
`65`	`66`	`members: {`
`66`	`67`	`create: [`
`67`	`68`	`{`