Fullstack TypeScript toolkit that enhances Prisma ORM with flexible Authorization layer for RBAC/ABAC/PBAC/ReBAC, offering auto-generated type-safe APIs and frontend hooks.
MIT License
Published by ymc9 9 months ago
VSCode extension and JetBrains plugin now support better auto-completion
There's auto-completion inside attributes now. It's not perfect, but it should be a pretty big improvement compared to previous versions. Having accurate contextual auto-completion still requires quite some work, and we'll continue improving it down the road. Please let us know your pain points!
@default attribute #947 by @chunkerchunker
While gradually wrapping up the V1 track, we're making good progress on experimenting with polymorphism in the V2 branch. Please stay tuned for updates.
Welcome @bbozzay and @chunkerchunker to becoming warmhearted contributors! Thank you for making ZenStack a better toolkit!
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.6.2...v1.7.0
Published by ymc9 9 months ago
withPolicy, withPassword, withOmit, withPreset. They'll be removed in V2.
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.6.1...v1.6.2
Published by ymc9 10 months ago
nanoid() attribute function supported by Prisma #923 by @dikyarga
auth() is accessed with multi-level member access #921
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.6.0...v1.6.1
Published by ymc9 10 months ago
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.5.0...v1.6.0
Published by ymc9 10 months ago
You can now specify the location of ZModel file in "package.json" in your project. #878
{
  ...
  "zenstack": { "schema": "./db/schema.zmodel" }
}
The zenstack CLI recognizes this setting and will use it as default if it's set.
Field-level access policies can be configured to override model-level ones #809 docs
--config option from CLI docs since it doesn't do anything today.
Welcome @sitch as our new contributor ❤️!
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.4.0...v1.5.0
Published by ymc9 11 months ago
SWR plugin now generates mutation as hooks (they were plain async functions in the previous versions) and supports automatic optimistic update docs
Old mutation usage:
const { createPost } = useMutatePost();
async function onCreate() {
  await createPost(...);
}
New mutation hooks:
const { trigger: create, isMutating } = useCreatePost();
function onCreate() {
  create(...);
}
New zenstack format CLI command for formatting ZModel files. Useful for people who are using non-VSCode IDEs.
Field-level access policies of the "update" and "all" kinds are not allowed on relation fields anymore. It wasn't clear whether the rule guards updates to the relation or to the entity linked by the relation. To guard the update of a relation, put rules on the foreign key fields instead. I.e., change:
model Post {
  ...
  author User @relation(fields: [authorId], references: [id]) @allow('update', ...)
  authorId String
}
to:
model Post {
  ...
  author User @relation(fields: [authorId], references: [id])
  authorId String @allow('update', ...)
}
auth() cannot be resolved when User model is marked @@ignore #840
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.3.2...v1.4.0
Published by ymc9 11 months ago
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.3.1...v1.3.2
Published by ymc9 11 months ago
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.3.0...v1.3.1
Published by ymc9 11 months ago
zenstack repl command. Use it to interactively call PrismaClient methods, with or without ZenStack enhancement. doc
auth() expression now. E.g.: @@allow('update', auth().roles?[permission == ADMIN]). Note that you still need to make sure the user context object you passed to enhance() includes all fields (recursively) used in the expression. #803
@db.TinyInt attribute by @elsantoalcielo in #821
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.2.2...v1.3.0
Published by ymc9 11 months ago
Published by ymc9 12 months ago
Thanks @jasonmacdonald for filing the bug and creating the initial fix!
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.2.0...v1.2.1
Published by ymc9 12 months ago
@@auth attribute) to resolve auth() function in access policies. Previously it was required to have a model named "User". #774
VSCode extension: make ZModel's syntax highlighting more consistent with Prisma extension #791
Improved automatic query invalidation for TanStack Query and SWR hooks. #698
Upon mutation, queries with nested read will also be invalidated if the nested reading part is potentially affected by the mutation.
E.g., creating a Post will invalidate queries like useFindUniqueUser({ where: { id }, include: { posts: true } }).
Upon deletion, "cascade" relation settings will be respected, and queries involving models that're indirectly deleted due to cascade will also be invalidated.
E.g., creating a User will invalidate queries like useFindManyPost() if the User <-> Post relation specifies cascade deletion.
A getQueryKey helper function is generated together with TanStack/SWR hooks for computing the query key given a query operation and args. #697
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.1.1...v1.2.0
Published by ymc9 12 months ago
undefined values
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.1.0...v1.1.1
Published by ymc9 about 1 year ago
@zenstackhq/tanstack-query plugin now supports "vue" target. You can use it with the Nuxt server adapter for Vue.js-based full-stack development docs. Check out the todo sample.
Max enum declaration and extra parameter to the @default attribute for MSSQL #724
helper.ts #753
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.0.2...v1.1.0
Published by ymc9 about 1 year ago
zenstack package to @zenstackhq/runtime.
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.0.1...v1.0.2
Published by ymc9 about 1 year ago
Yes, ZenStack is V1 now!
create inside update #714
==, !=) #704
This marks our first stable release! Thank everyone for the great support along the way!
What's next?
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.0.0-beta.23...v1.0.1
Published by ymc9 about 1 year ago
@zenstackhq/tanstack-query and @zenstackhq/swr plugins now generate Infinite findMany queries for supporting easier pagination. See documentation for tanstack-query and swr.
count result when complex policy conditions and where filters are mixed #689
zenstack generate command now gives a warning if ZenStack packages of mismatched versions are detected #547
zenstack generate command now checks for newer versions and prompts #175
enhance API now has a new loadPath option to load model metadata, policies and zod schemas from a custom location.
A big ❤️ THANK YOU ❤️ for the great contribution from @tlancina and @NeoN0x!
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.0.0-beta.21...v1.0.0-beta.23
Published by ymc9 about 1 year ago
@zenstackhq/runtime/zod/objects #647 - by @abdullahahmeda
count procedure #618
@zenstackhq/server now has explicit "exports" in package.json, making it more friendly to bundlers - by @krist7599555
@gt etc.) are used on Decimal fields #657
zenstack_guard and zenstack_transaction) previously generated into Prisma schema are finally removed!
this keyword is used in field-level policy rules #665
Big ❤️ THANK YOU ❤️ to our amazing new contributors! @mateus-p @abdullahahmeda @krist7599555
We're very close to a V1 release now!!!
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.0.0-beta.20...v1.0.0-beta.21
Published by ymc9 about 1 year ago
You can now use @allow and @deny attributes to attach access policies to fields (for "read" and "update" operations only). Non-readable fields will be omitted when returned, and non-updatable fields will cause rejection if they're included as part of an update.
E.g.:
model Post {
  id Int @id
  private Boolean @default(false)
  title String @allow("read", !private)
}
More details here.
You can now compare fields (of the current model) in access policy rules. Such comparison is compiled down to Prisma's field reference.
E.g.:
model Foo {
  id Int @id
  x Int
  y Int
  @@allow("read", x > y)
}
If you use an enhanced client to subscribe to Prisma Pulse events, the subscription will also be injected (with "read" policy rules) so that only readable events will be notified.
Btw, Prisma 5.2 has been released, and ZenStack now fully supports this version. If you're using Prisma 5, please make sure to upgrade.
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.0.0-beta.18...v1.0.0-beta.20
Published by ymc9 about 1 year ago
create
call when policy rules reference foreign keys #627Related to the fix to issue #599 , previously if you call enhance
(or withPolicy
) with a user context without id field like:
const db = enhance(prisma, { user: {} });
it worked as if you passed in undefined
user, and the policy engine treated it like an anonymous user. This behavior caused some users to accidentally provide anonymous users without being aware of it.
With the fix, such a call will result in an error thrown, complaining that you must pass in id fields. To represent an anonymous user, you can pass undefined
user or an undefined
context:
const db = enhance(prisma);
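The anonymous-user pitfall above, and the earlier note that the context passed to enhance() must include every field an auth() expression reads, can both be checked before the client is created. The following TypeScript is an added example, not ZenStack code: findMissing, contextProblems, checkedUser and the "roles[].permission" path syntax are hypothetical, and the sample user is constructed.

```typescript
// Added example, not ZenStack code. The path syntax ("roles[].permission") and
// the names findMissing, contextProblems and checkedUser are hypothetical.
type Json = Record<string, unknown>;

// Walk one dotted path. A segment ending in "[]" must be an array, and the
// rest of the path is then required on every element.
function findMissing(value: unknown, segments: string[], seen: string): string[] {
  if (segments.length === 0) return [];
  const head = segments[0] ?? "";
  const isList = head.slice(-2) === "[]";
  const key = isList ? head.slice(0, -2) : head;
  const here = seen ? seen + "." + key : key;
  if (typeof value !== "object" || value === null || !(key in value)) return [here];
  const child = (value as Json)[key];
  if (child === undefined || child === null) return [here];
  if (!isList) return findMissing(child, segments.slice(1), here);
  if (!Array.isArray(child)) return [here];
  const out: string[] = [];
  for (let i = 0; i < child.length; i++) {
    for (const m of findMissing(child[i], segments.slice(1), here + "[" + i + "]")) out.push(m);
  }
  return out;
}

// List what is absent: id fields first, then every field an auth() rule reads.
function contextProblems(user: Json, idFields: string[], authPaths: string[]): string[] {
  const problems: string[] = [];
  for (const f of idFields) {
    if (user[f] === undefined || user[f] === null) problems.push(f);
  }
  for (const p of authPaths) {
    for (const m of findMissing(user, p.split("."), "")) problems.push(m);
  }
  return problems;
}

// undefined stays undefined (an explicit anonymous user); an incomplete object
// is rejected instead of silently evaluating policies against missing data.
function checkedUser(user: Json | undefined, idFields: string[], authPaths: string[]): Json | undefined {
  if (user === undefined) return undefined;
  const problems = contextProblems(user, idFields, authPaths);
  if (problems.length > 0) throw new Error("user context is missing: " + problems.join(", "));
  return user;
}

// Constructed sample: a session user loaded without its roles' permission field.
const SAMPLE_SHALLOW: Json = { id: "u1", roles: [{ name: "admin" }] };
const SAMPLE_REPORT = contextProblems(SAMPLE_SHALLOW, ["id"], ["roles[].permission"]);
// Intended call site: enhance(prisma, { user: checkedUser(sessionUser, ["id"], ["roles[].permission"]) })
```

An empty roles array passes the check, since a user with no roles is a complete context rather than a truncated one.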
Full Changelog: https://github.com/zenstackhq/zenstack/compare/v1.0.0-beta.16...v1.0.0-beta.18