From fcbd0142f29d9a5b1d0a02391d7d45f59a6bfeec Mon Sep 17 00:00:00 2001
From: dennemark <martin@formfollowsyou.com>
Date: Tue, 29 Oct 2024 13:26:54 +0100
Subject: [PATCH] fix: :bug: correct store permissions for chained queries

---
 src/applyRuleRelationsQuery.ts | 2 +-
 test/extension.test.ts         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/applyRuleRelationsQuery.ts b/src/applyRuleRelationsQuery.ts
index 04a6623..21ea7a3 100644
--- a/src/applyRuleRelationsQuery.ts
+++ b/src/applyRuleRelationsQuery.ts
@@ -175,7 +175,7 @@ function getNestedQueryRelations(args: any, abilities: PureAbility<AbilityTuple,
 
             if (relationField) {
               const nestedQueryRelations = {
-                ...getNestedQueryRelations(args[method][relation], abilities, 'read', relationField.type as Prisma.ModelName),
+                ...getNestedQueryRelations(args[method][relation], abilities, action === 'all' ? 'all' : 'read', relationField.type as Prisma.ModelName),
                 ...(queryRelations[relation]?.select ?? {})
               }
               if (nestedQueryRelations && Object.keys(nestedQueryRelations).length > 0) {
diff --git a/test/extension.test.ts b/test/extension.test.ts
index 9ba2f10..fa40f42 100644
--- a/test/extension.test.ts
+++ b/test/extension.test.ts
@@ -1996,7 +1996,7 @@ describe('prisma extension casl', () => {
                 useCaslAbilities(builderFactory, { permissionField: 'casl' })
             )
             const result = await client.post.findUnique({ where: { id: 0 } }).author()
-            expect(result).toEqual({ email: '0', id: 0, casl: ['create', 'read'] })
+            expect(result).toEqual({ email: '0', id: 0, casl: ['create', 'read', 'update', 'delete'] })
         })
     })