What's Changed
- Fixed incorrect filter injection for nested reads #624
- Fixed incorrect injection to
createcall when policy rules reference foreign keys #627 - Added runtime check and throws error when creating enhanced PrismaClient with user context but the user object doesn't have id field(s) #599
Breaking Changes
Related to the fix to issue #599 , previously if you call enhance (or withPolicy) with a user context without id field like:
const db = enhance(prisma, { user: {} });it worked as if you passed in undefined user, and the policy engine treated it like an anonymous user. This behavior caused some users to accidentally provide anonymous users without being aware of it.
With the fix, such a call will result in an error thrown, complaining that you must pass in id fields. To represent an anonymous user, you can pass undefined user or an undefined context:
const db = enhance(prisma);Full Changelog: v1.0.0-beta.16...v1.0.0-beta.18