Update permission buggy when used in @@deny

[baenio]

Description and expected behavior
While writing the policies, I found out that the update permission in my @@deny is not working as expected. The following two policies will still update the id:

@@deny("update", future().id != id)
@@allow("update", true)

I also found out, that I can't run npx zenstack generate, when I write it like this:

@@deny("update", future().id != this.id)

// error
node_modules/.zenstack/policy.ts:1130:29 - error TS2304: Cannot find name 'id'.

Environment:

• ZenStack version: 1.12.0
• Prisma version: 5.12.1
• Database type: Postgresql

[baenio]

There is of course a workaround for that, but I think, that it should still be possible to write it like initially. Especially the allow policy will be much longer, which will lead to unreadability.

// workaround, which will work
@@allow("update", future().id == id)