// Local SQLite database file. The "dev.db" name suggests a development-only
// setting — confirm before this schema is used anywhere else.
datasource db {
    provider="sqlite"
    url="file:./dev.db"
}
// Plain Prisma JS client generator.
// NOTE(review): the @@allow/@@deny rules in this file are not enforced by the raw
// Prisma client on its own; make sure callers go through the ZenStack-enhanced client.
generator client {
    provider = "prisma-client-js"
}
/**
 * Model for a user.
 *
 * Policy summary:
 *  - create: open to everyone, including anonymous callers (self-registration)
 *  - read:   see the note on the read rule below
 *  - all:    the user themself (read/update/delete)
 * `password` is hashed on write (@password) and never returned in query results (@omit).
 */
model User {
    id String @id @default(uuid())
    email String @unique
    // @password hashes the value before storage; @omit strips it from read results
    password String? @password @omit
    name String?
    orgs Organization[]
    posts Post[]
    groups Group[]
    // can be created by anyone, even not logged in
    // NOTE(review): the policy layer cannot rate-limit; unauthenticated self-registration
    // should be throttled at the API boundary to prevent mass account creation
    @@allow('create', true)
    // can be read by users in the same organization (this exposes email to co-members)
    // NOTE(review): this uses `auth() == this` inside the collection predicate, while
    // Organization below uses the item-scoped form `members?[auth().id == id]`. If `this`
    // binds to the outer User rather than the iterated member, this rule only ever matches
    // the user themself — verify, and consider `orgs?[members?[id == auth().id]]`.
    @@allow('read', orgs?[members?[auth() == this]])
    // full access by oneself; deleting a user cascades to their Posts (owner relation has onDelete: Cascade)
    @@allow('all', auth() == this)
}
/**
 * Model for an organization.
 *
 * Policy summary:
 *  - create: everyone, including anonymous callers
 *  - read:   members only
 *  - update/delete: no rule is declared, so these are denied for everyone
 */
model Organization {
    id String @id @default(uuid())
    name String
    members User[]
    post Post[]
    groups Group[]
    // everyone can create a organization
    // NOTE(review): also allowed when not logged in, and nothing requires the creator to
    // become a member — consider requiring `auth() != null` and a membership check on the
    // nested `members` data; confirm intent
    @@allow('create', true)
    // any user in the organization can read the organization
    @@allow('read', members?[auth().id == id])
    // NOTE(review): with no 'update' or 'delete' rule, members cannot be added or removed
    // after creation and the org can never be renamed or deleted through the policy-enforced
    // client — confirm this is intended
}
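/**
 * Base model for all entities in an organization.
 *
 * Policy summary (inherited by Post):
 *  - create: caller becomes owner and must be a member of `org`
 *  - update: owner only; `owner` and `org` are frozen (future() compares the post-update values)
 *  - read:   the owner, users of any Group the entity is shared with, or org members when isPublic
 *  - everything is denied once isDeleted is set
 */
abstract model organizationBaseEntity {
    id String @id @default(uuid())
    createdAt DateTime @default(now())
    updatedAt DateTime @updatedAt
    // soft-delete flag; @omit keeps it out of query results
    isDeleted Boolean @default(false) @omit
    // "public" means visible to the whole organization, not to anonymous callers (see read rule below)
    isPublic Boolean @default(false)
    owner User @relation(fields: [ownerId], references: [id], onDelete: Cascade)
    ownerId String
    org Organization @relation(fields: [orgId], references: [id], onDelete: Cascade)
    orgId String
    groups Group[]
    // when create, owner must be set to current user, and user must be in the organization
    @@allow('create', owner == auth() && org.members?[id == auth().id])
    // only the owner can update it and is not allowed to change the owner or the organization.
    // The membership check is evaluated against the pre-update `org`; without freezing `org`
    // as well, an owner could move the entity into an organization they do not belong to
    @@allow('update', owner == auth() && org.members?[id == auth().id] && future().owner == owner && future().org == org)
    // allow owner to read
    @@allow('read', owner == auth())
    // allow shared group members to read it
    // NOTE(review): nothing ties the group's `org` to this entity's `org`; a group from another
    // organization connected here would expose the entity across the org boundary — confirm
    @@allow('read', groups?[users?[id == auth().id]])
    // allow organization to access if public
    @@allow('read', isPublic && org.members?[id == auth().id])
    // can not be read if deleted
    // This denies update too, so a soft-deleted row cannot be restored through the enhanced client
    @@deny('all', isDeleted == true)
}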
/**
 * Model for a post.
 * Inherits id, timestamps, isDeleted/isPublic, owner, org, groups and every
 * access rule from organizationBaseEntity; only the content fields are added here.
 */
model Post extends organizationBaseEntity {
    title String
    content String
}
/**
 * Model for a group.
 * Groups are the sharing unit: a Post connected to a group is readable by the
 * group's users (see the group read rule on organizationBaseEntity).
 *
 * Policy: every member of the group's organization has full access
 * (create/read/update/delete) to every group in that organization.
 */
model Group {
    id String @id @default(uuid())
    name String
    // NOTE(review): no rule requires these users to be members of `org`; any org member
    // can connect outside users here and thereby grant them read access to shared posts,
    // unless the connect is blocked by User's own policy — verify
    users User[]
    posts Post[]
    // NOTE(review): no onDelete action here, unlike the relations in organizationBaseEntity,
    // so Prisma's default referential action applies — confirm what deleting an Organization
    // that still has groups should do
    org Organization @relation(fields: [orgId], references: [id])
    orgId String
    // group is shared by organization: any org member can create, read, modify or delete any of its groups
    @@allow('all', org.members?[auth().id == id])
}