doc: updates about the check API

[ymc9]

Summary by CodeRabbit

• New Features

  • Introduced the check API for permission checking without database access, enhancing UI performance.
  • Added examples for implementing permission checks for various user scenarios.

• Documentation

  • Expanded guides and reference documentation for the check API, clarifying its usage and limitations.
  • Included warnings about compatibility with edge runtimes and the nature of permission checking.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
zenstack-new-site	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 24, 2024 5:25pm

[coderabbitai]

Walkthrough

The pull request introduces enhancements to the documentation for ZenStack's check API, focusing on permission checking without database access. It expands the check-permission.md and prisma-client-ext.md files to clarify the API's purpose, usage, and limitations. New sections and examples are added to improve understanding, particularly regarding user scenarios and access policies. Additionally, the declaration of the new check method and the CheckArgs type is included, detailing its parameters and functionality.

Changes

File Path	Change Summary
docs/guides/check-permission.md	Expanded introduction, added "Understanding the Problem" section, elaborated usage examples, and outlined limitations of the check API.
docs/reference/prisma-client-ext.md	Updated to include new check API details, its limitations, warnings about edge runtimes, and example usage. Added check method signature and CheckArgs type declaration.

Possibly related PRs

• docs: permission checker documentation #303: This PR focuses on the documentation for the check-permission.md file, which is directly related to the main PR's changes in the same document, enhancing the explanation of the check API.
• docs: doc changes for release 2.5.0 #361: This PR updates the documentation for the check API, specifically mentioning its limitations with edge runtime environments, which aligns with the main PR's enhancements to the check API documentation in prisma-client-ext.md.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (8)

docs/reference/prisma-client-ext.md (4)

Line range hint 13-15: Consider adding context about edge runtime limitations.

The warning about edge runtime support is clear, but it would be more helpful to briefly explain why it's not supported (e.g., if it requires Node.js-specific features).

 :::warning
-The API is not supported on edge runtime (e.g., Cloudflare Workers or Vercel Edge). You'll get a runtime error when calling it.
+The API is not supported on edge runtime (e.g., Cloudflare Workers or Vercel Edge) due to its dependency on Node.js-specific features for policy evaluation. You'll get a runtime error when calling it.
 :::

---

Line range hint 23-31: Clarify the "over-permissive" behavior.

The danger notice warns about over-permissive behavior but doesn't explain what this means in practice. Consider adding a brief example to illustrate when the check might return true even though actual database access would be denied.

 :::danger
-Permission checking is an approximation and can be over-permissive. You MUST NOT trust it and circumvent the real access control mechanism (e.g., calling raw Prisma CRUD operations without further authorization checks).
+Permission checking is an approximation and can be over-permissive (e.g., it might return true for reading a post even if the referenced author record is inaccessible). You MUST NOT trust it and circumvent the real access control mechanism (e.g., calling raw Prisma CRUD operations without further authorization checks).
 :::

---

Line range hint 35-46: Improve the CheckArgs type definition.

The where type is shown with ... which might be confusing. Consider showing that it accepts the same filters as the model's regular where clause.

 type CheckArgs = {
   /**
    * The operation to check for
    */
   operation: 'create' | 'read' | 'update' | 'delete';

   /**
    * The optional additional constraints to impose on the model fields
-   */
-  where?: { ... };
+   * Accepts the same filters as the model's regular `where` clause
+   */
+  where?: Prisma.PostWhereInput;
 }

---

Line range hint 50-57: Enhance the example with more realistic scenarios.

While the current example is clear, consider adding more practical scenarios that demonstrate checking multiple operations and combining conditions.

 const db = enhance(prisma, { user: getCurrentUser() });

-// check if the current user can read published posts
-await canRead = await db.post.check({
+// Check various permissions
+const canReadPublished = await db.post.check({
   operation: 'read',
   where: { published: true }
 });
+
+// Check update permission with multiple conditions
+const canUpdateOwn = await db.post.check({
+  operation: 'update',
+  where: {
+    authorId: currentUser.id,
+    published: false
+  }
+});

docs/guides/check-permission.md (4)

Line range hint 8-14: Strengthen the preview status warning.

Consider adding a more prominent warning banner at the beginning of the document to emphasize:

1. The preview/beta status of this feature
2. Potential API changes in future versions
3. The need for careful testing in non-production environments first

Here's a suggested addition right after the title:

# Checking Permissions Without Hitting the Database (Preview)

+:::warning PREVIEW FEATURE
+This feature is in preview and:
+- The API may change in future versions
+- Should be thoroughly tested before production use
+- May have limitations not yet discovered
+:::

## Introduction

---

Line range hint 134-141: Enhance type information and error handling examples.

The API signature would be more helpful with:

1. Complete TypeScript types for better IDE support
2. Error handling examples
3. Return type documentation

Consider expanding the example:

 type CheckArgs = {
   /**
    * The operation to check for
    */
   operation: 'create' | 'read' | 'update' | 'delete';
 
   /**
    * The optional additional constraints to impose on the model fields
    */
   where?: { id?: number; title?: string; published?: boolean; authorId?: number };
-}
+};
+
+/**
+ * Example with error handling:
+ */
+try {
+  const canRead = await db.post.check({ 
+    operation: 'read',
+    where: { published: false }
+  });
+  // Handle the result
+} catch (error) {
+  // Handle potential errors:
+  // - Invalid operation
+  // - Unsupported field types
+  // - SAT solver errors
+}

---

Line range hint 175-196: Expand the limitations section with examples.

The limitations section would be more helpful with concrete examples of:

1. Unsupported scenarios and their workarounds
2. Edge runtime limitations and alternative approaches
3. How ignored features affect the results

Consider adding examples:

 ## Limitations
+
+### Unsupported Features Example
+
+```ts
+// ❌ Unsupported: String operations
+@@allow('read', title.startsWith('Draft-'))
+
+// ❌ Unsupported: Array operations
+@@allow('read', tags.includes('public'))
+
+// ❌ Unsupported: Relation traversal
+@@allow('read', author.organization.id == auth().orgId)
+```
+
+### Edge Runtime Alternative
+
+When deploying to edge runtimes, consider:
+1. Moving permission checks to the main API routes
+2. Using simplified boolean checks for UI rendering
+3. Implementing a fallback strategy

---

Line range hint 197-203: Add security considerations for anonymous context.

While the evaluation rules are clear, consider adding:

1. Security implications of anonymous access
2. Best practices for handling anonymous contexts
3. Common pitfalls to avoid

Consider adding a security note:

### Security Considerations

When handling anonymous contexts:
- Always validate permissions again on the server-side
- Consider implementing rate limiting for anonymous checks
- Log and monitor anonymous permission checks for abuse

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 4ce5191 and 26c4f9d.

📒 Files selected for processing (2)

• docs/guides/check-permission.md (1 hunks)
• docs/reference/prisma-client-ext.md (1 hunks)