add owner to Space, fix "create" policy for SpaceUser

Author: ymc9

next.config.js

@@ -3,7 +3,11 @@ const nextConfig = {
     reactStrictMode: true,
     swcMinify: true,
     images: {
-        domains: ['picsum.photos', 'lh3.googleusercontent.com', 'avatars.githubusercontent.com'],
+        remotePatterns: [
+            { hostname: 'picsum.photos' },
+            { hostname: 'lh3.googleusercontent.com' },
+            { hostname: 'avatars.githubusercontent.com' },
+        ],
     },
 };
 

package-lock.json

@@ -21,14 +21,14 @@
     "dependencies": {
         "@heroicons/react": "^2.0.12",
         "@next-auth/prisma-adapter": "^1.0.5",
-        "@prisma/client": "^5.20.0",
+        "@prisma/client": "^6.1.0",
         "@tanstack/react-query": "^5.55.0",
         "@trpc/client": "^11.0.0-rc.502",
         "@trpc/next": "^11.0.0-rc.502",
         "@trpc/react-query": "^11.0.0-rc.502",
         "@trpc/server": "^11.0.0-rc.502",
-        "@zenstackhq/runtime": "^2.9.4",
-        "@zenstackhq/trpc": "^2.9.4",
+        "@zenstackhq/runtime": "^2.10.2",
+        "@zenstackhq/trpc": "^2.10.2",
         "babel-plugin-superjson-next": "^0.4.5",
         "bcryptjs": "^2.4.3",
         "cross-env": "^7.0.3",
@@ -41,7 +41,7 @@
         "react-dom": "18.2.0",
         "react-toastify": "^9.0.8",
         "superjson": "^1.12.0",
-        "zod": "3.21.1"
+        "zod": "^3.24.1"
     },
     "devDependencies": {
         "@tailwindcss/line-clamp": "^0.4.2",
@@ -53,9 +53,9 @@
         "eslint": "^7.19.0",
         "eslint-config-next": "12.3.1",
         "postcss": "^8.4.16",
-        "prisma": "^5.20.0",
+        "prisma": "^6.1.0",
         "tailwindcss": "^3.1.8",
         "typescript": "^5.3.2",
-        "zenstack": "^2.9.4"
+        "zenstack": "^2.10.2"
     }
 }

package.json

@@ -64,11 +64,14 @@ export const authOptions: NextAuthOptions = {
                 return;
             }
 
-            console.log(`User ${user.id} doesn't belong to any space. Creating one.`);
+            console.log(
+                `User ${user.id} doesn't belong to any space. Creating one.`
+            );
             const space = await prisma.space.create({
                 data: {
                     name: `${user.name || user.email}'s space`,
                     slug: nanoid(8),
+                    owner: { connect: { id: user.id } },
                     members: {
                         create: [
                             {
@@ -85,7 +88,9 @@ export const authOptions: NextAuthOptions = {
 };
 
 function authorize(prisma: PrismaClient) {
-    return async (credentials: Record<'email' | 'password', string> | undefined) => {
+    return async (
+        credentials: Record<'email' | 'password', string> | undefined
+    ) => {
         if (!credentials) {
             throw new Error('Missing credentials');
         }

pages/api/auth/[...nextauth].ts

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - Added the required column `ownerId` to the `Space` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "Space" ADD COLUMN     "ownerId" TEXT NOT NULL;
+
+-- AddForeignKey
+ALTER TABLE "Space" ADD CONSTRAINT "Space_ownerId_fkey" FOREIGN KEY ("ownerId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/migrations/20241222141755_add_space_owner/migration.sql

@@ -1,3 +1,3 @@
 # Please do not edit this file manually
-# It should be added in your version-control system (i.e. Git)
+# It should be added in your version-control system (e.g., Git)
 provider = "postgresql"

prisma/migrations/migration_lock.toml

@@ -22,6 +22,8 @@ model Space {
   id        String      @id() @default(uuid())
   createdAt DateTime    @default(now())
   updatedAt DateTime    @updatedAt()
+  owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+  ownerId   String
   name      String
   slug      String      @unique()
   members   SpaceUser[]
@@ -49,7 +51,8 @@ model User {
   emailVerified DateTime?
   password      String?
   name          String?
-  spaces        SpaceUser[]
+  ownedSpaces   Space[]
+  memberships   SpaceUser[]
   image         String?
   lists         List[]
   todos         Todo[]

prisma/schema.prisma

@@ -39,6 +39,8 @@ model Space {
     id        String      @id @default(uuid())
     createdAt DateTime    @default(now())
     updatedAt DateTime    @updatedAt
+    owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+    ownerId   String      @default(auth().id)
     name      String      @length(4, 50)
     slug      String      @unique @regex('^[0-9a-zA-Z]{4,16}$')
     members   SpaceUser[]
@@ -74,8 +76,11 @@ model SpaceUser {
     // require login
     @@deny('all', auth() == null)
 
-    // space admin can create/update/delete
-    @@allow('create,update,delete', space.members?[user == auth() && role == ADMIN])
+    // space owner can add any one
+    @@allow('create', space.owner == auth())
+    
+    // space admin can add anyone but not himself
+    @@allow('create', auth() != this.user && space.members?[user == auth() && role == ADMIN])
 
     // user can read entries for spaces which he's a member of
     @@allow('read', space.members?[user == auth()])
@@ -92,7 +97,8 @@ model User {
     emailVerified DateTime?
     password      String?     @password @omit
     name          String?
-    spaces        SpaceUser[]
+    ownedSpaces   Space[]
+    memberships   SpaceUser[]
     image         String?     @url
     lists         List[]
     todos         Todo[]
@@ -104,7 +110,7 @@ model User {
     @@allow('create', true)
 
     // can be read by users sharing any space
-    @@allow('read', spaces?[space.members?[user == auth()]])
+    @@allow('read', memberships?[space.members?[user == auth()]])
 
     // full access by oneself
     @@allow('all', auth() == this)

schema.zmodel

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/Account.next.type.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/List.next.type.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/Space.next.type.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/SpaceUser.next.type.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/Todo.next.type.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/User.next.type.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/next.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/client/utils.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/helper.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/routers/Account.router.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/routers/List.router.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/routers/Space.router.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/routers/SpaceUser.router.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/routers/Todo.router.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/routers/User.router.ts

@@ -1,5 +1,5 @@
 /******************************************************************************
-* This file was generated by ZenStack CLI 2.9.4.
+* This file was generated by ZenStack CLI.
 ******************************************************************************/
 
 /* eslint-disable */

server/routers/generated/routers/index.ts

@@ -7,7 +7,7 @@ module.exports = {
     theme: {
         extend: {},
     },
-    plugins: [require('daisyui'), require('@tailwindcss/line-clamp')],
+    plugins: [require('daisyui')],
     daisyui: {
         themes: false,
     },