[Bug] Nested create in update fails policy check from parent field-level update policy on unique field

[Gabrola]

Description and expected behavior

model Page {
    id String @id @default(cuid())
    title String
    
    images Image[]
    
    @@allow('all', true)
}

model Image {
    id String @id @default(cuid()) @deny('update', true)
    url String
    pageId String?
    page Page? @relation(fields: [pageId], references: [id])
    
    @@allow('all', true)
}

const image = await db.image.create({
    data: {
        url: 'https://example.com/image.png',
    },
});

await db.image.update({
    where: { id: image.id },
    data: {
        page: {
            create: {
                title: 'Page 1',
            },
        },
    },
})

PrismaClientKnownRequestError: denied by policy: Image entities failed 'update' check, entity {"id":"cm7igj9v700004hmokes3ouxz"} failed update policy check for field "id"

This shouldn't error as the id field has not been updated here

Environment:

• ZenStack version: 2.11.6

[ymc9]

Thank you for creating this @Gabrola . I'll look into it.