New Features
1. Field-level access policies
You can now use @allow and @deny attributes to attach access policies to fields (for "read" and "update" operations" only). Non-readable fields will be omitted when returned, and non-updatable fields will cause rejection if they're included as part of an update.
E.g.:
model Post {
id Int @id
private Boolean @default(false)
title String @allow("read", !private)
}More details here.
2. Comparing fields in access policy rules
You can now compare fields (of the current model) in access policy rules. Such comparison is compiled down to Prisma's field reference.
E.g.:
model Foo {
id Int @id
x Int
y Int
@@allow("read", x > y)
}3. Access policies support for Prisma Pulse
If you use an enhanced client to subscribe to Prisma Pulse events, the subscription will also be injected (with "read" policy rules) so that only readable events will be notified.
Fixes and Improvements
- Zode code generation issue when there're multiple fields of the same enum type #632
- Policy injection accidentally overwrites user-provided filters #634
- Incorrect typing of generated policy definitions #639
- Incorrect code generation for models not using Pascal casing
Btw, Prisma 5.2 has been released, and ZenStack now fully supports this version. If you're using Prisma 5, please make sure to upgrade.
Full Changelog: v1.0.0-beta.18...v1.0.0-beta.20