add owner to Space, fix "create" policy for SpaceUser

Author: ymc9

package-lock.json

@@ -34,7 +34,7 @@
         "postcss": "^8.4.23",
         "prettier": "^2.8.0",
         "prettier-plugin-svelte": "^2.8.1",
-        "prisma": "^5.19.1",
+        "prisma": "^6.1.0",
         "svelte": "^4.1.2",
         "svelte-check": "^3.4.6",
         "tailwindcss": "^3.3.2",
@@ -46,7 +46,7 @@
     },
     "type": "module",
     "dependencies": {
-        "@prisma/client": "^5.19.1",
+        "@prisma/client": "^6.1.0",
         "@steeze-ui/heroicons": "^2.2.3",
         "@steeze-ui/svelte-icon": "^1.5.0",
         "@tanstack/svelte-query": "^4.32.6",

package.json

@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - Added the required column `ownerId` to the `Space` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "Space" ADD COLUMN     "ownerId" TEXT NOT NULL;
+
+-- AddForeignKey
+ALTER TABLE "Space" ADD CONSTRAINT "Space_ownerId_fkey" FOREIGN KEY ("ownerId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

prisma/migrations/20241222160427_add_space_owner/migration.sql

@@ -1,3 +1,3 @@
 # Please do not edit this file manually
-# It should be added in your version-control system (i.e. Git)
+# It should be added in your version-control system (e.g., Git)
 provider = "postgresql"

prisma/migrations/migration_lock.toml

@@ -22,6 +22,8 @@ model Space {
   id        String      @id() @default(uuid())
   createdAt DateTime    @default(now())
   updatedAt DateTime    @updatedAt()
+  owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+  ownerId   String
   name      String
   slug      String      @unique()
   members   SpaceUser[]
@@ -42,13 +44,14 @@ model SpaceUser {
 }
 
 model User {
-  id       String      @id() @default(cuid())
-  email    String      @unique()
-  password String
-  name     String?
-  spaces   SpaceUser[]
-  todos    Todo[]
-  lists    List[]
+  id          String      @id() @default(cuid())
+  email       String      @unique()
+  password    String
+  name        String?
+  ownedSpaces Space[]
+  memberships SpaceUser[]
+  todos       Todo[]
+  lists       List[]
 }
 
 model List {

prisma/schema.prisma

@@ -29,6 +29,8 @@ model Space {
   id        String      @id @default(uuid())
   createdAt DateTime    @default(now())
   updatedAt DateTime    @updatedAt
+  owner     User        @relation(fields: [ownerId], references: [id], onDelete: Cascade)
+  ownerId   String      @default(auth().id)
   name      String      @length(4, 50)
   slug      String      @unique @regex('^[0-9a-zA-Z\-_]{4,16}$')
   members   SpaceUser[]
@@ -64,8 +66,14 @@ model SpaceUser {
   // require login
   @@deny('all', auth() == null)
 
-  // space admin can create/update/delete
-  @@allow('create,update,delete', space.members?[user == auth() && role == ADMIN])
+  // space owner can add any one
+  @@allow('create', space.owner == auth())
+    
+  // space admin can add anyone but not himself
+  @@allow('create', auth() != user && space.members?[user == auth() && role == ADMIN])
+
+  // space admin can update/delete
+  @@allow('update,delete', space.members?[user == auth() && role == ADMIN])
 
   // user can read entries for spaces which he's a member of
   @@allow('read', space.members?[user == auth()])
@@ -75,13 +83,14 @@ model SpaceUser {
   * User model
   */
 model User {
-  id       String      @id @default(cuid())
-  email    String      @unique @email
-  password String      @password @omit @length(6, 32)
-  name     String?
-  spaces   SpaceUser[]
-  todos    Todo[]
-  lists    List[]
+  id          String      @id @default(cuid())
+  email       String      @unique @email
+  password    String      @password @omit @length(6, 32)
+  name        String?
+  ownedSpaces Space[]
+  memberships SpaceUser[]
+  todos       Todo[]
+  lists       List[]
   @@allow('create,read', true)
   @@allow('all', auth() == this)
 }

schema.zmodel

@@ -22,6 +22,20 @@ const metadata = {
                     name: "updatedAt",
                     type: "DateTime",
                     attributes: [{ "name": "@updatedAt", "args": [] }],
+                }, owner: {
+                    name: "owner",
+                    type: "User",
+                    isDataModel: true,
+                    backLink: 'ownedSpaces',
+                    isRelationOwner: true,
+                    foreignKeyMapping: { "id": "ownerId" },
+                }, ownerId: {
+                    name: "ownerId",
+                    type: "String",
+                    attributes: [{ "name": "@default", "args": [] }],
+                    defaultValueProvider: $default$Space$ownerId,
+                    isForeignKey: true,
+                    relationField: 'owner',
                 }, name: {
                     name: "name",
                     type: "String",
@@ -85,7 +99,7 @@ const metadata = {
                     name: "user",
                     type: "User",
                     isDataModel: true,
-                    backLink: 'spaces',
+                    backLink: 'memberships',
                     isRelationOwner: true,
                     foreignKeyMapping: { "id": "userId" },
                 }, userId: {
@@ -127,8 +141,14 @@ const metadata = {
                     name: "name",
                     type: "String",
                     isOptional: true,
-                }, spaces: {
-                    name: "spaces",
+                }, ownedSpaces: {
+                    name: "ownedSpaces",
+                    type: "Space",
+                    isDataModel: true,
+                    isArray: true,
+                    backLink: 'owner',
+                }, memberships: {
+                    name: "memberships",
                     type: "SpaceUser",
                     isDataModel: true,
                     isArray: true,
@@ -287,12 +307,16 @@ const metadata = {
     ,
     deleteCascade: {
         space: ['SpaceUser', 'List'],
-        user: ['SpaceUser', 'List', 'Todo'],
+        user: ['Space', 'SpaceUser', 'List', 'Todo'],
         list: ['Todo'],
     }
     ,
     authModel: 'User'
 };
+function $default$Space$ownerId(user: any): unknown {
+    return user?.id;
+}
+
 function $default$List$ownerId(user: any): unknown {
     return user?.id;
 }

src/lib/hooks/__model_meta.ts

@@ -242,7 +242,7 @@ export function useCountSpace<TArgs extends Prisma.SpaceCountArgs, TQueryFnData
     return useModelQuery<TQueryFnData, TData, TError>('Space', `${endpoint}/space/count`, args, options, fetch);
 }
 
-export function useCheckSpace<TError = DefaultError>(args: { operation: PolicyCrudKind; where?: { id?: string; name?: string; slug?: string }; }, options?: (StoreOrVal<Omit<CreateQueryOptions<boolean, TError, boolean>, 'queryKey'>> & ExtraQueryOptions)) {
+export function useCheckSpace<TError = DefaultError>(args: { operation: PolicyCrudKind; where?: { id?: string; ownerId?: string; name?: string; slug?: string }; }, options?: (StoreOrVal<Omit<CreateQueryOptions<boolean, TError, boolean>, 'queryKey'>> & ExtraQueryOptions)) {
     const { endpoint, fetch } = getHooksContext();
     return useModelQuery<boolean, boolean, TError>('Space', `${endpoint}/space/check`, args, options, fetch);
 }

src/lib/hooks/space.ts

@@ -22,6 +22,7 @@ export const actions = {
                 data: {
                     name,
                     slug,
+                    owner: { connect: { id: locals.user.id } },
                     members: {
                         create: {
                             user: { connect: { id: locals.user.id } },

src/routes/(app)/create-space/+page.server.ts

@@ -35,6 +35,7 @@ export const actions = {
                 data: {
                     name: `My Space`,
                     slug: nanoid(8),
+                    owner: { connect: { id: user.id } },
                     members: {
                         create: {
                             user: { connect: { id: user.id } },