Skip to main content
Version: 2.x

Added PrismaClient APIs

ZenStack's enhancement to PrismaClient not only alters its existing APIs' behavior, but also adds new APIs.



This API is added to each model in the PrismaClient.


Checks if the current user is allowed to perform the specified operation on the model based on the access policies in ZModel. The check is done via pure logical inference and doesn't query the database.

Please refer to Checking Permissions Without Hitting the Database for more details.


Permission checking is an approximation and can be over-permissive. You MUST NOT trust it and circumvent the real access control mechanism (e.g., calling raw Prisma CRUD operations without further authorization checks).


type CheckArgs = {
* The operation to check for
operation: 'create' | 'read' | 'update' | 'delete';

* The optional additional constraints to impose on the model fields
where?: { ... };

check(args: CheckArgs): Promise<boolean>;


const db = enhance(prisma, { user: getCurrentUser() });

// check if the current user can read published posts
await canRead = await{
operation: 'read',
where: { published: true }
Feel free to ask questions, give feedback, or report issues.

Don't Spam

You can edit/delete your comments by going directly to the discussion, clicking on the 'comments' link below