fix: using auth() in @default() is not effective for createManyAndReturn

[ymc9]

Fixes #1681

[coderabbitai]

Walkthrough

Walkthrough

The changes introduce a new action, createManyAndReturn, to the NestedWriteVisitor and associated classes, enhancing the functionality for creating multiple records in the Prisma database while returning the created records. The updates also involve modifications to the handling of create operations, ensuring that the new action is processed correctly within the existing authorization framework. Additionally, new tests are added to validate the functionality of both createMany and createManyAndReturn.

Changes

Files	Change Summary
packages/runtime/src/cross/nested-write-visitor.ts	Added a new case createManyAndReturn in the NestedWriteVisitor class's switch statement.
packages/runtime/src/cross/types.ts	Added the action 'createManyAndReturn' to the PrismaWriteActions array.
packages/runtime/src/enhancements/node/default-auth.ts	Updated preprocessArgs to include 'createManyAndReturn' in actionsOfInterest.
packages/runtime/src/enhancements/node/policy/handler.ts	Modified create operation handling to differentiate between createMany and createManyAndReturn, added new methods for decision making.
tests/integration/tests/enhancements/with-policy/auth.test.ts	Added tests for createMany and createManyAndReturn to validate their functionality and authorization.
tests/regression/tests/issue-1681.test.ts	Introduced tests to validate the functionality of creating users and posts, addressing regression issue #1681.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant API
    participant PolicyHandler
    participant NestedWriteVisitor
    participant Database

    User->>API: Request createManyAndReturn
    API->>PolicyHandler: Process request
    PolicyHandler->>NestedWriteVisitor: Handle createManyAndReturn
    NestedWriteVisitor->>Database: Create multiple records
    Database-->>NestedWriteVisitor: Return created records
    NestedWriteVisitor-->>PolicyHandler: Return created records
    PolicyHandler-->>API: Return created records
    API-->>User: Respond with created records

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Ensure createManyAndReturn works correctly with createdBy default (1681)	✅
Validate handling of polymorphic models with createManyAndReturn (1681)	✅
Address regression issue related to createManyAndReturn (1681)	✅

Possibly related PRs

• feat(runtime): support for Prisma 5.14's createManyAndReturn #1479: Introduces the createManyAndReturn method in the PolicyProxyHandler, directly related to the new functionality.
• refactor: refactor policy definition and generation code #1468: Focuses on refactoring policy definitions, potentially impacting the handling of new actions.
• feat: allow comparing fields from different models in mutation policies #1476: Enhances policy checks which may affect the enforcement of policies during the new creation methods.
• fix(delegate): @omit and field-level policies are not enforced when querying with a delegate model #1718: Addresses access policies in delegate models, relevant to the new functionality for entity creation.
• fix(delegate): enforcing concrete model policies when read from a delegate base #1726: Ensures enforcement of policies when creating and retrieving entities, related to the changes made in this PR.

---

Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 08d8980 and 3c73c17.

Files selected for processing (1)

• packages/runtime/src/enhancements/node/policy/handler.ts (7 hunks)

Additional comments not posted (5)

packages/runtime/src/enhancements/node/policy/handler.ts (5)

518-538: LGTM!

The function correctly preprocesses the createMany and createManyAndReturn payload by checking if post-create checks are needed or if the payload contains relation fields. This is necessary to determine if the operation should be converted to regular creates.

---

540-556: LGTM!

The function correctly checks if the payload contains any relation fields by iterating over each item and field in the payload and checking if the field is a data model using the resolveField function from the model metadata.

---

Line range hint 585-623: LGTM!

The function correctly creates multiple entities in a transaction with post-create checks. The addition of the action parameter helps differentiate between createMany and createManyAndReturn for logging purposes. The logic for handling skipDuplicates and building the postWriteChecks array is implemented correctly.

---

Line range hint 439-453: LGTM!

The updates to the createMany function correctly handle the preprocessing of the payload and conditionally convert it to regular creates if needed. The use of preprocessCreateManyPayload and doCreateMany ensures that the entities are created correctly and post-create checks are performed when necessary.

---

Line range hint 475-511: LGTM!

The updates to the createManyAndReturn function correctly handle the preprocessing of the payload and conditionally convert it to regular creates if needed. The use of preprocessCreateManyPayload and doCreateMany ensures that the entities are created correctly and post-create checks are performed when necessary. The read-back processing and error handling are implemented correctly.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 738bba6 and 08d8980.

Files selected for processing (6)

• packages/runtime/src/cross/nested-write-visitor.ts (1 hunks)
• packages/runtime/src/cross/types.ts (1 hunks)
• packages/runtime/src/enhancements/node/default-auth.ts (1 hunks)
• packages/runtime/src/enhancements/node/policy/handler.ts (7 hunks)
• tests/integration/tests/enhancements/with-policy/auth.test.ts (4 hunks)
• tests/regression/tests/issue-1681.test.ts (1 hunks)

Additional comments not posted (11)

packages/runtime/src/cross/types.ts (1)

7-7: LGTM!

The addition of the 'createManyAndReturn' action to the PrismaWriteActions array is a valid change. It introduces a new type of write operation for creating multiple records and returning the created records. The change is consistent with the existing pattern and is well-documented in the AI-generated summary.

tests/regression/tests/issue-1681.test.ts (1)

3-28: LGTM!

The test case is well-structured and provides good coverage for the regression issue mentioned in the PR objectives. It validates the functionality of creating users and posts using the createMany and createManyAndReturn methods, and ensures that the authorId field of the Post model defaults to the ID of the authenticated user.

The test case follows a logical flow and uses appropriate assertions to validate the expected behavior. It enhances the schema with a user ID, creates a new user, and then verifies that posts can be created successfully with the correct authorId.

Overall, the test case is comprehensive and effectively addresses the regression issue.

packages/runtime/src/enhancements/node/default-auth.ts (1)

52-59: Approve adding 'createManyAndReturn' to actionsOfInterest.

The addition of 'createManyAndReturn' to the actionsOfInterest array is a logical extension of the DefaultAuthHandler's preprocessing functionality. This change allows the handler to process and potentially modify the write payload for the new createManyAndReturn action.

Verify that the preprocessWritePayload method correctly handles the createManyAndReturn action. Run the following script to check if createManyAndReturn is processed by the NestedWriteVisitor:

packages/runtime/src/cross/nested-write-visitor.ts (1)

172-172: LGTM!

The addition of the createManyAndReturn case to the doVisit method is a logical extension of the existing functionality. It follows the established pattern and is consistent with the provided summary.

tests/integration/tests/enhancements/with-policy/auth.test.ts (3)

393-396: Tests validate createMany and createManyAndReturn with default overrides

The added tests correctly ensure that the authorName override is respected when using both createMany and createManyAndReturn, confirming that explicitly provided values take precedence over default values derived from auth().

---

422-427: Consistent testing of default value overrides in batch operations

The tests appropriately verify that createMany and createManyAndReturn do not override explicitly provided authorName values with defaults from auth(). This confirms the intended behavior in batch operations.

---

654-666: Effective testing of default auth() values in various create operations

The tests accurately validate that default auth() values are correctly applied in create, createMany, and createManyAndReturn operations, even when associating posts with stats. This ensures that the default authentication context is consistently enforced across different methods.

packages/runtime/src/enhancements/node/policy/handler.ts (4)

15-15: Import Statement Addition Approved

The addition of getModelInfo to the imports is appropriate and necessary for the implementation of hasRelationFieldsInPayload.

---

439-443: Enhancement of createMany Method Approved

The conditional logic to determine whether to convert createMany to individual create operations improves the handling of nested creates and post-write checks. The transaction management is correctly implemented.

Also applies to: 448-448

---

475-481: Enhancement of createManyAndReturn Method Approved

The updates effectively manage the decision to perform direct createManyAndReturn or to handle each creation individually with proper transaction support and post-write checks. Error handling and result processing are correctly addressed.

Also applies to: 491-497

---

581-586: Modification of doCreateMany Method Approved

Passing the action parameter enhances the clarity of log messages and ensures that the method can handle different actions appropriately. The logging at line 602 correctly reflects the action being performed, aiding in debugging and monitoring.

Also applies to: 602-602