-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prisma JS/TS client generator exclude
attribute
#7380
Comments
In the above context and with the suggested implementation at schema level, How about this alternative ? generator client { ... }
model Model {
...
password String @client.explicit // client must explicitly request this field
} However, if we want to use something at the query level, |
In English, "explicit" usually has the connotation that something is for adults. So not sure that's the best here. I vote for model Model {
field String @client.excludeByDefault
} |
@flybayer "I explicitly asked Tom not to buy bitcoin today" - What part of it is pointing to
|
I suggest model User {
password String @hidden
} |
How about model User {
password String @withhold
sourceData Json @withhold
} I like that it suggests the field is available (something exclude/private/hidden doesn't convey IMO) without implying that the data is sensitive (you might want to exclude a field by default just because it's heavy or not often used) |
We can also try generator client {
provider = "prisma-client-js"
defaultVisibility = "public"
}
model User {
name String @public // Optional because @public is the default
password String? @private
} |
IMO, |
Folks, please understand that I am hoping for that feature ... |
"explicit" is interesting. Not sure I agree about the adult connotation, might say more about the reader's state of mind than anything 🤔. Another I've thought of before is
If we start with explicit terms we can always bring in more generic/sugar ones later in a backwards compatible way. The reverse is not true if we start with bold general nice but risky terms. |
Has the terminology question been settled yet? while I personally prefer |
any updates? |
I agree, this has nothing to do with the models. But we should be able to exclude fields in queries. +1 for this feature! |
Looks like the discussions have been going on around this feature for almost 2 years, greatly needed on our side as well :) |
I think that even though prisma should not care whether the information is private or not we still need an ease and clean way to just say that some fields should not be selected unless we actually tell them to, and imagine a table that a good part of the data is not returned to the user, then we would have to manually remove each one of them every time we want to query that table, i think that so far adding the |
Totally agree, would love to see this implemented sometime soon! |
A default boolean var set to |
exclude
attribute
We have decided not to go with |
Currently, the client selects all fields when querying a model. There's no easy way to exclude a field by default. This makes it easy to accidentally send sensitive information back to the client, for example a password hash on a user model.
It is infeasible or too complicated to build a solution for this issue without undermining the current design of the client (
exclude
can't neatly fit in besidesinclude
andselect
in the type system) or building complex hacks that do not work for more involved scenarios.This proposal introduces a generator attribute that will instruct the client to not query a field by default, but it must be explicitly selected instead for it to get fetched.
Prisma Schema Language (PSL) Syntax Proposal
With the concept of generator attributes being a decided addition in the future of the Prisma Schema (#7209), we can already decide to implement exclude as a "known" generator attribute, meaning that while we don't have pluggable generators formalized, we can skip the generic plugin part and include it first-party into the Prisma code until we have a real system in place:
The
exclude
property is namespaced to the generator that will use it in the end.Technical Details
The attribute will be attached to all places in the underlying protocol (currently internal, used by the language generators) where something has been derived from the field:
Note that the above is not a final version and may change.
Feedback
exclude
naming? If not, what would be a preferable alternative?The text was updated successfully, but these errors were encountered: