fix: 🐛 correct store permissions for chained queries

dennemark · Oct 29, 2024 · fcbd014 · fcbd014
1 parent e889ff2
commit fcbd014
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/applyRuleRelationsQuery.ts b/src/applyRuleRelationsQuery.ts
@@ -175,7 +175,7 @@ function getNestedQueryRelations(args: any, abilities: PureAbility<AbilityTuple,
 
             if (relationField) {
               const nestedQueryRelations = {
-                ...getNestedQueryRelations(args[method][relation], abilities, 'read', relationField.type as Prisma.ModelName),
+                ...getNestedQueryRelations(args[method][relation], abilities, action === 'all' ? 'all' : 'read', relationField.type as Prisma.ModelName),
                 ...(queryRelations[relation]?.select ?? {})
               }
               if (nestedQueryRelations && Object.keys(nestedQueryRelations).length > 0) {

diff --git a/test/extension.test.ts b/test/extension.test.ts
@@ -1996,7 +1996,7 @@ describe('prisma extension casl', () => {
                 useCaslAbilities(builderFactory, { permissionField: 'casl' })
             )
             const result = await client.post.findUnique({ where: { id: 0 } }).author()
-            expect(result).toEqual({ email: '0', id: 0, casl: ['create', 'read'] })
+            expect(result).toEqual({ email: '0', id: 0, casl: ['create', 'read', 'update', 'delete'] })
         })
     })