From e4ab13f164705ea4b1d4fd3bbf5d39e74740de74 Mon Sep 17 00:00:00 2001 From: ymc9 <104139426+ymc9@users.noreply.github.com> Date: Thu, 26 Feb 2026 20:50:14 -0500 Subject: [PATCH] fix(policy): wrong table alias used when injecting for field policies fixes #2385 --- packages/plugins/policy/src/policy-handler.ts | 2 +- tests/regression/test/issue-2385.test.ts | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 tests/regression/test/issue-2385.test.ts diff --git a/packages/plugins/policy/src/policy-handler.ts b/packages/plugins/policy/src/policy-handler.ts index aa46be502..f42459bc4 100644 --- a/packages/plugins/policy/src/policy-handler.ts +++ b/packages/plugins/policy/src/policy-handler.ts @@ -660,7 +660,7 @@ export class PolicyHandler extends OperationNodeTransf selections = [SelectionNode.create(SelectAllNode.create())]; } - const modelPolicyFilter = this.buildPolicyFilter(model, alias, operation); + const modelPolicyFilter = this.buildPolicyFilter(model, model, operation); if (!isTrueNode(modelPolicyFilter)) { hasPolicies = true; } diff --git a/tests/regression/test/issue-2385.test.ts b/tests/regression/test/issue-2385.test.ts new file mode 100644 index 000000000..6c1ad11aa --- /dev/null +++ b/tests/regression/test/issue-2385.test.ts @@ -0,0 +1,53 @@ +import { createPolicyTestClient } from '@zenstackhq/testtools'; +import { describe, expect, it } from 'vitest'; + +describe('Regression for issue #2385', () => { + it('should not generate "missing FROM-clause entry" when including a relation with a static-value @@allow policy', async () => { + const db = await createPolicyTestClient( + ` +model User { + id String @id @default(uuid()) + name String + associations Association[] + createdAt DateTime @default(now()) + updatedAt DateTime @updatedAt + + @@allow("read", auth().id == id) +} + +model Association { + id String @id @default(uuid()) + name String + userId String @db.VarChar @map("user_id") + user User @relation(fields: [userId], references: [id]) + createdAt DateTime @default(now()) @allow("read", auth().id == userId) + updatedAt DateTime @updatedAt + + @@allow("read", auth().id == userId) +} + `, + ); + + const rawDb = db.$unuseAll(); + const user = await rawDb.user.create({ + data: { + name: 'John Doe', + }, + }); + + await rawDb.association.create({ + data: { + name: 'Association for John', + userId: user.id, + }, + }); + + const userDb = db.$setAuth(user); + + await expect( + userDb.user.findMany({ + include: { associations: true }, + }), + ).toResolveTruthy(); + }); +});