Added PrismaClient APIs
ZenStack's enhancement to PrismaClient not only alters its existing APIs' behavior, but also adds new APIs.
check
Scope
This API is added to each model in the PrismaClient.
The API is not supported on edge runtime (e.g., Cloudflare Workers or Vercel Edge). You'll get a runtime error when calling it.
Description
Checks if the current user is allowed to perform the specified operation on the model based on the access policies in ZModel. The check is done via pure logical inference and doesn't query the database.
Please refer to Checking Permissions Without Hitting the Database for more details.
Permission checking is an approximation and can be over-permissive. You MUST NOT trust it and circumvent the real access control mechanism (e.g., calling raw Prisma CRUD operations without further authorization checks).
Signature
type CheckArgs = {
/**
* The operation to check for
*/
operation: 'create' | 'read' | 'update' | 'delete';
/**
* The optional additional constraints to impose on the model fields
*/
where?: { ... };
}
check(args: CheckArgs): Promise<boolean>;
Example
const db = enhance(prisma, { user: getCurrentUser() });
// check if the current user can read published posts
await canRead = await db.post.check({
operation: 'read',
where: { published: true }
});