chore: expand injectForRead to include isList

Author: genu

packages/runtime/src/enhancements/node/policy/handler.ts

@@ -133,21 +133,13 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
     private async doFind(args: any, actionName: FindOperations, handleRejection: () => any, isList: boolean = false) {
         const origArgs = args;
         const _args = this.policyUtils.safeClone(args);
-        if (!this.policyUtils.injectForRead(this.prisma, this.model, _args)) {
+        if (!this.policyUtils.injectForReadOrList(this.prisma, this.model, _args, isList)) {
             if (this.shouldLogQuery) {
                 this.logger.info(`[policy] \`${actionName}\` ${this.model}: unconditionally denied`);
             }
             return handleRejection();
         }
 
-        if (isList && !this.policyUtils.injectForList(this.prisma, this.model, _args)) {
-            if (this.shouldLogQuery) {
-                this.logger.info(`[policy] \`${actionName}\` ${this.model}: unconditionally denied`);
-            }
-
-            return handleRejection();
-        }
-
         this.policyUtils.injectReadCheckSelect(this.model, _args);
 
         if (this.shouldLogQuery) {
@@ -1617,7 +1609,7 @@ export class PolicyProxyHandler<DbClient extends DbClientContract> implements Pr
             // "update" has an extra layer of "after"
             const payload = key === 'update' ? args[key].after : args[key];
             const toInject = { where: payload };
-            this.policyUtils.injectForRead(this.prisma, this.model, toInject);
+            this.policyUtils.injectForReadOrList(this.prisma, this.model, toInject, false);
             if (key === 'update') {
                 // "update" has an extra layer of "after"
                 args[key].after = toInject.where;

packages/runtime/src/enhancements/node/policy/index.ts

@@ -75,6 +75,6 @@ export async function policyProcessIncludeRelationPayload(
     context: EnhancementContext | undefined
 ) {
     const utils = new PolicyUtil(prisma, options, context);
-    await utils.injectForRead(prisma, model, payload);
+    await utils.injectForReadOrList(prisma, model, payload, false);
     await utils.injectReadCheckSelect(model, payload);
 }

packages/runtime/src/enhancements/node/policy/policy-utils.ts

@@ -604,7 +604,7 @@ export class PolicyUtil extends QueryUtils {
     /**
      * Injects auth guard for read operations.
      */
-    injectForRead(db: CrudContract, model: string, args: any) {
+    injectForReadOrList(db: CrudContract, model: string, args: any, isList: boolean) {
         // make select and include visible to the injection
         const injected: any = { select: args.select, include: args.include };
         if (!this.injectAuthGuardAsWhere(db, injected, model, 'read')) {
@@ -652,14 +652,6 @@ export class PolicyUtil extends QueryUtils {
         return true;
     }
 
-    /**
-     * Injects auth guard for read operations.
-     */
-    injectForList(_db: CrudContract, _model: string, _args: any) {
-        // make select and include visible to the injection
-        return true;
-    }
-
     //#endregion
 
     //#region Checker
@@ -1148,7 +1140,7 @@ export class PolicyUtil extends QueryUtils {
             CrudFailureReason.RESULT_NOT_READABLE
         );
 
-        const injectResult = this.injectForRead(db, model, readArgs);
+        const injectResult = this.injectForReadOrList(db, model, readArgs, false);
         if (!injectResult) {
             return { error, result: undefined };
         }