Closed
Description
Description and expected behavior
Currently I'm running into an issue with zenstack authorization and prisma extensions. The problem is like so:
Approach 1:
1. extend base prisma client (add custom methods that rely on other prisma calls)
2. pass extended prisma client to enhance()
^ custom methods are not authorized, (base methods working)
Approach 2 (what I would think should work):
1. pass base prisma client to enhance()
2. extend the enhanced zenstack client
^ custom methods are authorized, all base methods (findFirst, findMany) lose authorization
I have a prisma extension like so:
export const extendPrismaClient = (db: PrismaClient) =>
db.$extends({
model: {
blogs: {
findManyListView: (
args: Parameters<typeof db.blogs.findMany>[0],
) => {
return db.blogs.findMany({
...args,
include: {
// extra stuff
},
});
},
},
},
});and then, to generate my zenstack client:
const getPrisma = () => {
const session = await auth();
const zenClient = enhance(prismaClient, {
user: (_session?.user || undefined) as any,
});
return extendPrismaClient(zenClient);
}^ If I extend my zenstack client (after enhancing), my authorization rules stop working, EXCEPT for my custom function
If I extend my prisma client, and pass that to enhance(), normal prisma functions are authorized, but my extended function is not.