support using auth() in field defaults

[ymc9]

Summary by CodeRabbit

• New Features

  • Introduced a createManyAndReturn operation, allowing creation of multiple records with immediate return of the created entities and support for field selection and omission.
  • Added support for using authentication context (auth()) as default values for fields, including nested member access.
  • Enhanced policy system with a new expression evaluator for complex authorization logic.

• Bug Fixes

  • Improved relation connection handling to ensure referenced entities exist and proper error handling on missing references.
  • Enhanced policy filter application to handle subqueries and undefined table names safely.

• Documentation

  • Updated breaking changes and TODO documentation to reflect new features and completed tasks.

• Tests

  • Added comprehensive tests for createManyAndReturn and advanced authorization scenarios, including field-level and relation-based policies.
  • Introduced new utilities for streamlined policy-related and general client testing.

• Refactor

  • Standardized expression handling and default value logic across schema, runtime, and SDK layers.
  • Improved type safety and code clarity in CRUD operations and policy expression processing.

• Chores

  • Minor improvements to import order, code formatting, and internal utility functions.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

This update introduces a new createManyAndReturn CRUD operation, allowing bulk creation of records with the option to return the created entities. It enhances default value handling by supporting expressions, notably enabling auth() and auth().member as defaults for fields. The policy system is improved with a new expression evaluator, stricter handling of auth() in predicates, and expanded test coverage for authorization and default behaviors.

Changes

File(s)	Change Summary
BREAKINGCHANGES.md	Documented a breaking change: auth() can no longer be directly compared with a relation.
TODO.md	Updated ORM feature progress, added "CreateManyAndReturn", marked several items as complete, and restructured tasks.
packages/runtime/src/client/client-impl.ts	Updated $setAuth to accept undefined, added runtime type checks, and implemented createManyAndReturn in the CRUD handler.
packages/runtime/src/client/crud-types.ts	Added OmitFields and CreateManyAndReturnArgs types; updated SelectInclude; introduced createManyAndReturn to ModelOperations.
packages/runtime/src/client/crud/operations/base.ts	Enhanced relation 'connect' logic, added 'createManyAndReturn' operation, improved default value and generator handling, and updated type imports.
packages/runtime/src/client/crud/operations/create.ts	Added support for 'createManyAndReturn', implemented runCreateManyAndReturn, and updated method signatures.
packages/runtime/src/client/crud/validator.ts	Added validation for createManyAndReturn arguments and improved relation field optionality logic.
packages/runtime/src/client/helpers/schema-db-pusher.ts	Improved detection of function call defaults using Expression.isCall and updated default value assignment.
packages/runtime/src/plugins/policy/expression-evaluator.ts	Introduced ExpressionEvaluator class to interpret schema expressions, supporting various expression types and collection predicates.
packages/runtime/src/plugins/policy/expression-transformer.ts	Added handling for auth() in collection predicates, improved type guard usage, and introduced isAuthMember helper.
packages/runtime/src/plugins/policy/policy-handler.ts	Updated extractTableName to return undefined for subqueries and added guards in transformSelectQuery.
packages/runtime/src/schema/expression.ts	Renamed type guard methods, removed unused guards, and updated method signatures for clarity.
packages/runtime/src/schema/schema.ts	Replaced FieldDefaultProvider with general Expression type for field defaults.
packages/runtime/src/utils/object-utils.ts	Added extractFields and fieldsToSelectObject utility functions for field/object manipulation.
packages/runtime/test/client-api/create-many-and-return.test.ts	Added tests for createManyAndReturn, covering bulk creation, conflict handling, and field selection/omission.
packages/runtime/test/policy/auth.test.ts	Introduced comprehensive tests for auth() in policies, including default values, predicates, and nested relations.
packages/runtime/test/policy/todo-sample.test.ts	Removed query logging from client instantiation in tests.
packages/runtime/test/policy/utils.ts	Added createPolicyTestClient utility for policy-enabled client creation.
packages/runtime/test/test-schema.ts	Updated schema field defaults to use Expression.call for function defaults.
packages/runtime/test/utils.ts	Introduced createTestClient for flexible client instantiation with schema and plugins.
packages/sdk/src/ts-schema-generator.ts	Enhanced schema generator to support authMember defaults, improved default value serialization, and added helper methods for member access detection.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant CRUDHandler
    participant DB
    participant PolicyEvaluator

    Client->>CRUDHandler: createManyAndReturn(args)
    CRUDHandler->>DB: Insert multiple records (args.data)
    DB-->>CRUDHandler: Inserted IDs
    CRUDHandler->>DB: Query inserted records (by IDs, args.select/omit)
    DB-->>CRUDHandler: Created records
    CRUDHandler->>PolicyEvaluator: (if policy applies) Filter records
    PolicyEvaluator-->>CRUDHandler: Filtered records
    CRUDHandler-->>Client: Return created records

Loading

sequenceDiagram
    participant PolicySystem
    participant ExpressionEvaluator
    participant AuthContext

    PolicySystem->>ExpressionEvaluator: evaluate(expression, { auth })
    ExpressionEvaluator->>AuthContext: Access auth() or auth().member
    AuthContext-->>ExpressionEvaluator: Return auth value/member
    ExpressionEvaluator-->>PolicySystem: Evaluation result (boolean/value)

Loading

Poem

In the warren of code, a new path unfurled,
Where many can be born—and their faces returned!
Auth hops through expressions, a clever disguise,
Now defaults and policies open their eyes.
With tests as our carrots, we leap and we bound—
Hooray for new features, in code underground!
🐇✨

Tip

⚡️ Faster reviews with caching

• CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 16th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.

Enjoy the performance boost—your workflow just got faster.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 52aec66 and 393cc25.

📒 Files selected for processing (21)

• BREAKINGCHANGES.md (1 hunks)
• TODO.md (3 hunks)
• packages/runtime/src/client/client-impl.ts (3 hunks)
• packages/runtime/src/client/crud-types.ts (3 hunks)
• packages/runtime/src/client/crud/operations/base.ts (8 hunks)
• packages/runtime/src/client/crud/operations/create.ts (3 hunks)
• packages/runtime/src/client/crud/validator.ts (5 hunks)
• packages/runtime/src/client/helpers/schema-db-pusher.ts (2 hunks)
• packages/runtime/src/plugins/policy/expression-evaluator.ts (1 hunks)
• packages/runtime/src/plugins/policy/expression-transformer.ts (4 hunks)
• packages/runtime/src/plugins/policy/policy-handler.ts (2 hunks)
• packages/runtime/src/schema/expression.ts (1 hunks)
• packages/runtime/src/schema/schema.ts (1 hunks)
• packages/runtime/src/utils/object-utils.ts (1 hunks)
• packages/runtime/test/client-api/create-many-and-return.test.ts (1 hunks)
• packages/runtime/test/policy/auth.test.ts (1 hunks)
• packages/runtime/test/policy/todo-sample.test.ts (1 hunks)
• packages/runtime/test/policy/utils.ts (1 hunks)
• packages/runtime/test/test-schema.ts (5 hunks)
• packages/runtime/test/utils.ts (2 hunks)
• packages/sdk/src/ts-schema-generator.ts (4 hunks)

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.