update

Author: ymc9

packages/language/res/stdlib.zmodel

@@ -705,7 +705,7 @@ function check(field: Any, operation: String?): Boolean {
 } @@@expressionContext([AccessPolicy])
 
 /**
- * Gets entity's value before an update. Only valid when used in a "update" policy rule.
+ * Gets entity's value before an update. Only valid when used in a "post-update" policy rule.
  */
 function before(): Any {
 } @@@expressionContext([AccessPolicy])

packages/language/src/validators/attribute-application-validator.ts

@@ -173,6 +173,13 @@ export default class AttributeApplicationValidator implements AstValidator<Attri
             // there can't possibly be a fk that points to it
             this.rejectNonOwnedRelationInExpression(attr.args[1].value, accept);
         }
+
+        if (kind !== 'post-update' && attr.args[1]?.value) {
+            const beforeCall = AstUtils.streamAst(attr.args[1]?.value).find(isBeforeInvocation);
+            if (beforeCall) {
+                accept('error', `"before()" is only allowed in "post-update" policy rules`, { node: beforeCall });
+            }
+        }
     }
 
     private rejectNonOwnedRelationInExpression(expr: Expression, accept: ValidationAcceptor) {

packages/language/test/attribute-application.test.ts

@@ -0,0 +1,23 @@
+import { describe, it } from 'vitest';
+import { loadSchemaWithError } from './utils';
+
+describe('Attribute application validation tests', () => {
+    it('rejects before in non-post-update policies', async () => {
+        await loadSchemaWithError(
+            `
+            datasource db {
+                provider = 'sqlite'
+                url      = 'file:./dev.db'
+            }
+            
+            model Foo {
+                id Int @id @default(autoincrement())
+                x  Int
+                @@allow('all', true)
+                @@deny('update', before(x) > 2)
+            }
+            `,
+            `"before()" is only allowed in "post-update" policy rules`,
+        );
+    });
+});