add owner to Space, fix "create" policy for SpaceUser

Author: ymc9

lib/hooks/__model_meta.ts

@@ -22,6 +22,20 @@ const metadata = {
                     name: "updatedAt",
                     type: "DateTime",
                     attributes: [{ "name": "@updatedAt", "args": [] }],
+                }, owner: {
+                    name: "owner",
+                    type: "User",
+                    isDataModel: true,
+                    backLink: 'ownedSpaces',
+                    isRelationOwner: true,
+                    foreignKeyMapping: { "id": "ownerId" },
+                }, ownerId: {
+                    name: "ownerId",
+                    type: "String",
+                    attributes: [{ "name": "@default", "args": [] }],
+                    defaultValueProvider: $default$Space$ownerId,
+                    isForeignKey: true,
+                    relationField: 'owner',
                 }, name: {
                     name: "name",
                     type: "String",
@@ -85,7 +99,7 @@ const metadata = {
                     name: "user",
                     type: "User",
                     isDataModel: true,
-                    backLink: 'spaces',
+                    backLink: 'memberships',
                     isRelationOwner: true,
                     foreignKeyMapping: { "id": "userId" },
                 }, userId: {
@@ -140,8 +154,14 @@ const metadata = {
                     name: "name",
                     type: "String",
                     isOptional: true,
-                }, spaces: {
-                    name: "spaces",
+                }, ownedSpaces: {
+                    name: "ownedSpaces",
+                    type: "Space",
+                    isDataModel: true,
+                    isArray: true,
+                    backLink: 'owner',
+                }, memberships: {
+                    name: "memberships",
                     type: "SpaceUser",
                     isDataModel: true,
                     isArray: true,
@@ -384,12 +404,16 @@ const metadata = {
     ,
     deleteCascade: {
         space: ['SpaceUser', 'List'],
-        user: ['SpaceUser', 'List', 'Todo', 'Account'],
+        user: ['Space', 'SpaceUser', 'List', 'Todo', 'Account'],
         list: ['Todo'],
     }
     ,
     authModel: 'User'
 };
+function $default$Space$ownerId(user: any): unknown {
+    return user?.id;
+}
+
 function $default$List$ownerId(user: any): unknown {
     return user?.id;
 }

lib/hooks/space.ts

@@ -159,6 +159,6 @@ export function useCountSpace<T extends Prisma.SpaceCountArgs>(args?: Prisma.Sub
     return request.useModelQuery('Space', 'count', args, options);
 }
 
-export function useCheckSpace(args: { operation: PolicyCrudKind; where?: { id?: string; name?: string; slug?: string }; }, options?: QueryOptions<boolean>) {
+export function useCheckSpace(args: { operation: PolicyCrudKind; where?: { id?: string; ownerId?: string; name?: string; slug?: string }; }, options?: QueryOptions<boolean>) {
     return request.useModelQuery('Space', 'check', args, options);
 }

next.config.js

@@ -3,7 +3,11 @@ const nextConfig = {
     reactStrictMode: true,
     swcMinify: true,
     images: {
-        domains: ['picsum.photos', 'lh3.googleusercontent.com', 'avatars.githubusercontent.com'],
+        remotePatterns: [
+            { hostname: 'picsum.photos' },
+            { hostname: 'lh3.googleusercontent.com' },
+            { hostname: 'avatars.githubusercontent.com' },
+        ],
     },
 };
 

package-lock.json

@@ -21,7 +21,7 @@
     "dependencies": {
         "@heroicons/react": "^2.0.12",
         "@next-auth/prisma-adapter": "^1.0.6",
-        "@prisma/client": "^6.0.1",
+        "@prisma/client": "^6.1.0",
         "@vercel/analytics": "^1.0.1",
         "@zenstackhq/runtime": "2.10.2",
         "@zenstackhq/server": "2.10.2",
@@ -51,7 +51,7 @@
         "eslint": "^7.19.0",
         "eslint-config-next": "12.3.1",
         "postcss": "^8.4.16",
-        "prisma": "^6.0.1",
+        "prisma": "^6.1.0",
         "tailwindcss": "^3.1.8",
         "typescript": "^5.1.6",
         "zenstack": "2.10.2"

package.json

@@ -68,6 +68,7 @@ export const authOptions: NextAuthOptions = {
                 data: {
                     name: `${user.name || user.email}'s space`,
                     slug: nanoid(8),
+                    owner: { connect: { id: user.id } },
                     members: {
                         create: [
                             {

pages/api/auth/[...nextauth].ts

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - Added the required column `ownerId` to the `Space` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "Space" ADD COLUMN     "ownerId" TEXT NOT NULL;
+
+-- AddForeignKey
+ALTER TABLE "Space" ADD CONSTRAINT "Space_ownerId_fkey" FOREIGN KEY ("ownerId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/migrations/20241222114017_add_space_owner/migration.sql

@@ -1,3 +1,3 @@
 # Please do not edit this file manually
-# It should be added in your version-control system (i.e. Git)
+# It should be added in your version-control system (e.g., Git)
 provider = "postgresql"

prisma/migrations/migration_lock.toml

@@ -21,6 +21,8 @@ model Space {
   id        String      @id() @default(uuid())
   createdAt DateTime    @default(now())
   updatedAt DateTime    @updatedAt()
+  owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+  ownerId   String
   name      String
   slug      String      @unique()
   members   SpaceUser[]
@@ -48,7 +50,8 @@ model User {
   emailVerified DateTime?
   password      String?
   name          String?
-  spaces        SpaceUser[]
+  ownedSpaces   Space[]
+  memberships   SpaceUser[]
   image         String?
   lists         List[]
   todos         Todo[]

prisma/schema.prisma

@@ -36,6 +36,8 @@ model Space {
     id        String      @id @default(uuid())
     createdAt DateTime    @default(now())
     updatedAt DateTime    @updatedAt
+    owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+    ownerId   String      @default(auth().id)
     name      String      @length(4, 50)
     slug      String      @unique @regex('^[0-9a-zA-Z]{4,16}$')
     members   SpaceUser[]
@@ -71,8 +73,14 @@ model SpaceUser {
     // require login
     @@deny('all', auth() == null)
 
-    // space admin can create/update/delete
-    @@allow('create,update,delete', space.members?[user == auth() && role == ADMIN])
+    // space owner can add any one
+    @@allow('create', space.owner == auth())
+    
+    // space admin can add anyone but not himself
+    @@allow('create', auth() != this.user && space.members?[user == auth() && role == ADMIN])
+
+    // space admin can update/delete
+    @@allow('update,delete', space.members?[user == auth() && role == ADMIN])
 
     // user can read entries for spaces which he's a member of
     @@allow('read', space.members?[user == auth()])
@@ -89,7 +97,8 @@ model User {
     emailVerified DateTime?
     password      String?     @password @omit
     name          String?
-    spaces        SpaceUser[]
+    ownedSpaces   Space[]
+    memberships   SpaceUser[]
     image         String?     @url
     lists         List[]
     todos         Todo[]
@@ -101,7 +110,7 @@ model User {
     @@allow('create', true)
 
     // can be read by users sharing any space
-    @@allow('read', spaces?[space.members?[user == auth()]])
+    @@allow('read', memberships?[space.members?[user == auth()]])
 
     // full access by oneself
     @@allow('all', auth() == this)

schema.zmodel

@@ -4,7 +4,7 @@ module.exports = {
     theme: {
         extend: {},
     },
-    plugins: [require('daisyui'), require('@tailwindcss/line-clamp')],
+    plugins: [require('daisyui')],
     daisyui: {
         themes: ['light'],
     },