-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathschema.zmodel
102 lines (81 loc) · 2.57 KB
/
schema.zmodel
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
// This is your Prisma schema file,
// learn more about it in the docs: https://pris.ly/d/prisma-schema
generator client {
provider = "prisma-client-js"
}
datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
}
plugin reactHooks {
provider = '@zenstackhq/react'
output = './src/lib/hooks'
}
// Necessary for Next auth
model Account {
id String @id @default(cuid())
userId String
type String
provider String
providerAccountId String
refresh_token String? // @db.Text
access_token String? // @db.Text
expires_at Int?
token_type String?
scope String?
id_token String? // @db.Text
session_state String?
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
@@unique([provider, providerAccountId])
}
model User {
id String @id @default(cuid())
name String?
email String? @unique
emailVerified DateTime?
image String?
accounts Account[]
spaces SpaceUser[]
password String? @password @omit
// can be created by anyone, even not logged in
@@allow('create', true)
// can be read by users sharing any space
@@allow('read', spaces?[space.members?[user == auth()]])
// full access by oneself
@@allow('all', auth() == this)
}
model Space {
id String @id @default(uuid())
name String @length(4, 50)
slug String @unique @regex('^[0-9a-zA-Z]{4,16}$')
members SpaceUser[]
// require login
@@deny('all', auth() == null)
// everyone can create a space
@@allow('create', true)
// any user in the space can read the space
@@allow('read', members?[user == auth()])
// space admin can update and delete
@@allow('update,delete', members?[user == auth() && role == ADMIN])
}
/*
* Model representing membership of a user in a space
*/
model SpaceUser {
id String @id @default(uuid())
space Space @relation(fields:[spaceId], references: [id], onDelete: Cascade)
spaceId String
user User @relation(fields: [userId], references: [id], onDelete: Cascade)
userId String
role SpaceUserRole
// require login
@@deny('all', auth() == null)
// space admin can create/update/delete
@@allow('create,update,delete', space.members?[user == auth() && role == ADMIN])
// user can read entries for spaces which he's a member of
@@allow('read', space.members?[user == auth()])
}
enum SpaceUserRole {
USER
ADMIN
}