fix: direct field value filter should be controlled by filter slicing

Author: ymc9

packages/orm/src/client/crud-types.ts

@@ -345,7 +345,7 @@ type EnumFilter<
     WithAggregations extends boolean,
     AllowedKinds extends FilterKind,
 > =
-    | NullableIf<keyof GetEnum<Schema, T>, Nullable>
+    | ('Equality' extends AllowedKinds ? NullableIf<keyof GetEnum<Schema, T>, Nullable> : never)
     | (('Equality' extends AllowedKinds
           ? {
                 /**
@@ -510,7 +510,7 @@ export type StringFilter<
     WithAggregations extends boolean,
     AllowedKinds extends FilterKind = FilterKind,
 > =
-    | NullableIf<string, Nullable>
+    | ('Equality' extends AllowedKinds ? NullableIf<string, Nullable> : never)
     | (CommonPrimitiveFilter<string, 'String', Nullable, WithAggregations, AllowedKinds> &
           ('Like' extends AllowedKinds
               ? {
@@ -560,7 +560,7 @@ export type NumberFilter<
     WithAggregations extends boolean,
     AllowedKinds extends FilterKind = FilterKind,
 > =
-    | NullableIf<number | bigint, Nullable>
+    | ('Equality' extends AllowedKinds ? NullableIf<number | bigint, Nullable> : never)
     | (CommonPrimitiveFilter<number, T, Nullable, WithAggregations, AllowedKinds> &
           (WithAggregations extends true
               ? {
@@ -596,7 +596,7 @@ export type DateTimeFilter<
     WithAggregations extends boolean,
     AllowedKinds extends FilterKind = FilterKind,
 > =
-    | NullableIf<Date | string, Nullable>
+    | ('Equality' extends AllowedKinds ? NullableIf<Date | string, Nullable> : never)
     | (CommonPrimitiveFilter<Date | string, 'DateTime', Nullable, WithAggregations, AllowedKinds> &
           (WithAggregations extends true
               ? {
@@ -622,7 +622,7 @@ export type BytesFilter<
     WithAggregations extends boolean,
     AllowedKinds extends FilterKind = FilterKind,
 > =
-    | NullableIf<Uint8Array | Buffer, Nullable>
+    | ('Equality' extends AllowedKinds ? NullableIf<Uint8Array | Buffer, Nullable> : never)
     | (('Equality' extends AllowedKinds
           ? {
                 /**
@@ -670,7 +670,7 @@ export type BooleanFilter<
     WithAggregations extends boolean,
     AllowedKinds extends FilterKind = FilterKind,
 > =
-    | NullableIf<boolean, Nullable>
+    | ('Equality' extends AllowedKinds ? NullableIf<boolean, Nullable> : never)
     | (('Equality' extends AllowedKinds
           ? {
                 /**

packages/orm/src/client/crud/validator/index.ts

@@ -559,6 +559,17 @@ export class InputValidator<Schema extends SchemaDef> {
     ): ZodType {
         const modelDef = requireModel(this.schema, model);
 
+        // unique field used in unique filters bypass filter slicing
+        const uniqueFieldNames = unique
+            ? getUniqueFields(this.schema, model)
+                  .filter(
+                      (uf): uf is { name: string; def: FieldDef } =>
+                          // single-field unique
+                          'def' in uf,
+                  )
+                  .map((uf) => uf.name)
+            : undefined;
+
         const fields: Record<string, any> = {};
         for (const field of Object.keys(modelDef.fields)) {
             const fieldDef = requireField(this.schema, model, field);
@@ -602,11 +613,13 @@ export class InputValidator<Schema extends SchemaDef> {
                     }
                 }
             } else {
+                const ignoreSlicing = !!uniqueFieldNames?.includes(field);
+
                 const enumDef = getEnum(this.schema, fieldDef.type);
                 if (enumDef) {
                     // enum
                     if (Object.keys(enumDef.values).length > 0) {
-                        fieldSchema = this.makeEnumFilterSchema(model, fieldDef, withAggregations);
+                        fieldSchema = this.makeEnumFilterSchema(model, fieldDef, withAggregations, ignoreSlicing);
                     }
                 } else if (fieldDef.array) {
                     // array field
@@ -615,7 +628,7 @@ export class InputValidator<Schema extends SchemaDef> {
                     fieldSchema = this.makeTypedJsonFilterSchema(model, fieldDef);
                 } else {
                     // primitive field
-                    fieldSchema = this.makePrimitiveFilterSchema(model, fieldDef, withAggregations);
+                    fieldSchema = this.makePrimitiveFilterSchema(model, fieldDef, withAggregations, ignoreSlicing);
                 }
             }
 
@@ -626,6 +639,7 @@ export class InputValidator<Schema extends SchemaDef> {
 
         if (unique) {
             // add compound unique fields, e.g. `{ id1_id2: { id1: 1, id2: 1 } }`
+            // compound-field filters are not affected by slicing
             const uniqueFields = getUniqueFields(this.schema, model);
             for (const uniqueField of uniqueFields) {
                 if ('defs' in uniqueField) {
@@ -639,13 +653,12 @@ export class InputValidator<Schema extends SchemaDef> {
                                     if (enumDef) {
                                         // enum
                                         if (Object.keys(enumDef.values).length > 0) {
-                                            fieldSchema = this.makeEnumFilterSchema(model, def, false);
+                                            fieldSchema = this.makeEnumFilterSchema(model, def, false, true);
                                         } else {
                                             fieldSchema = z.never();
                                         }
                                     } else {
-                                        // regular field
-                                        fieldSchema = this.makePrimitiveFilterSchema(model, def, false);
+                                        fieldSchema = this.makePrimitiveFilterSchema(model, def, false, true);
                                     }
                                     return [key, fieldSchema];
                                 }),
@@ -776,7 +789,12 @@ export class InputValidator<Schema extends SchemaDef> {
     }
 
     @cache()
-    private makeEnumFilterSchema(model: string, fieldInfo: FieldInfo, withAggregations: boolean) {
+    private makeEnumFilterSchema(
+        model: string,
+        fieldInfo: FieldInfo,
+        withAggregations: boolean,
+        ignoreSlicing: boolean = false,
+    ) {
         const enumName = fieldInfo.type;
         const optional = !!fieldInfo.optional;
         const array = !!fieldInfo.array;
@@ -787,7 +805,7 @@ export class InputValidator<Schema extends SchemaDef> {
         if (array) {
             return this.internalMakeArrayFilterSchema(model, fieldInfo.name, baseSchema);
         }
-        const allowedFilterKinds = this.getEffectiveFilterKinds(model, fieldInfo.name);
+        const allowedFilterKinds = ignoreSlicing ? undefined : this.getEffectiveFilterKinds(model, fieldInfo.name);
         const components = this.makeCommonPrimitiveFilterComponents(
             baseSchema,
             optional,
@@ -797,12 +815,7 @@ export class InputValidator<Schema extends SchemaDef> {
             allowedFilterKinds,
         );
 
-        // If all filter operators are excluded, return z.never()
-        if (Object.keys(components).length === 0) {
-            return z.never();
-        }
-
-        return z.union([this.nullableIf(baseSchema, optional), z.strictObject(components)]);
+        return this.createUnionFilterSchema(baseSchema, optional, components, allowedFilterKinds);
     }
 
     @cache()
@@ -831,8 +844,13 @@ export class InputValidator<Schema extends SchemaDef> {
     }
 
     @cache()
-    private makePrimitiveFilterSchema(model: string, fieldInfo: FieldInfo, withAggregations: boolean) {
-        const allowedFilterKinds = this.getEffectiveFilterKinds(model, fieldInfo.name);
+    private makePrimitiveFilterSchema(
+        model: string,
+        fieldInfo: FieldInfo,
+        withAggregations: boolean,
+        ignoreSlicing = false,
+    ) {
+        const allowedFilterKinds = ignoreSlicing ? undefined : this.getEffectiveFilterKinds(model, fieldInfo.name);
         const type = fieldInfo.type as BuiltinType;
         const optional = !!fieldInfo.optional;
         return match(type)
@@ -935,12 +953,7 @@ export class InputValidator<Schema extends SchemaDef> {
             allowedFilterKinds,
         );
 
-        // If all filter operators are excluded, return z.never()
-        if (Object.keys(components).length === 0) {
-            return z.never();
-        }
-
-        return z.union([this.nullableIf(z.boolean(), optional), z.strictObject(components)]);
+        return this.createUnionFilterSchema(z.boolean(), optional, components, allowedFilterKinds);
     }
 
     @cache()
@@ -959,12 +972,7 @@ export class InputValidator<Schema extends SchemaDef> {
             allowedFilterKinds,
         );
 
-        // If all filter operators are excluded, return z.never()
-        if (Object.keys(components).length === 0) {
-            return z.never();
-        }
-
-        return z.union([this.nullableIf(baseSchema, optional), z.strictObject(components)]);
+        return this.createUnionFilterSchema(baseSchema, optional, components, allowedFilterKinds);
     }
 
     private makeCommonPrimitiveFilterComponents(
@@ -1022,12 +1030,7 @@ export class InputValidator<Schema extends SchemaDef> {
             allowedFilterKinds,
         );
 
-        // If all filter operators are excluded, return z.never()
-        if (Object.keys(components).length === 0) {
-            return z.never();
-        }
-
-        return z.union([this.nullableIf(baseSchema, optional), z.strictObject(components)]);
+        return this.createUnionFilterSchema(baseSchema, optional, components, allowedFilterKinds);
     }
 
     private makeNumberFilterSchema(
@@ -1078,12 +1081,7 @@ export class InputValidator<Schema extends SchemaDef> {
             ...filteredStringOperators,
         };
 
-        // If all filter operators are excluded, return z.never()
-        if (Object.keys(allComponents).length === 0) {
-            return z.never();
-        }
-
-        return z.union([this.nullableIf(z.string(), optional), z.strictObject(allComponents)]);
+        return this.createUnionFilterSchema(z.string(), optional, allComponents, allowedFilterKinds);
     }
 
     private makeStringModeSchema() {
@@ -2173,6 +2171,31 @@ export class InputValidator<Schema extends SchemaDef> {
         ) as Partial<T>;
     }
 
+    private createUnionFilterSchema(
+        valueSchema: ZodType,
+        optional: boolean,
+        components: Record<string, ZodType>,
+        allowedFilterKinds: Set<string> | undefined,
+    ) {
+        // If all filter operators are excluded
+        if (Object.keys(components).length === 0) {
+            // if equality filters are allowed, allow direct value
+            if (!allowedFilterKinds || allowedFilterKinds.has('Equality')) {
+                return this.nullableIf(valueSchema, optional);
+            }
+            // otherwise nothing is allowed
+            return z.never();
+        }
+
+        if (!allowedFilterKinds || allowedFilterKinds.has('Equality')) {
+            // direct value or filter operators
+            return z.union([this.nullableIf(valueSchema, optional), z.strictObject(components)]);
+        } else {
+            // filter operators
+            return z.strictObject(components);
+        }
+    }
+
     /**
      * Checks if a model is included in the slicing configuration.
      * Returns true if the model is allowed, false if it's excluded.

tests/e2e/orm/client-api/slicing.test.ts

@@ -1761,5 +1761,112 @@ describe('Query slicing tests', () => {
                 ).toBeRejectedByValidation(['"equals"']);
             });
         });
+
+        describe('Direct value filter slicing', () => {
+            it('allows direct value filters when Equality kind is included', async () => {
+                const options = {
+                    slicing: {
+                        models: {
+                            User: {
+                                fields: {
+                                    $all: {
+                                        includedFilterKinds: ['Equality'] as const,
+                                    },
+                                },
+                            },
+                        },
+                    },
+                    dialect: {} as any,
+                } as const;
+
+                const db = await createTestClient<typeof schema, typeof options>(schema, options);
+
+                await db.user.create({ data: { email: 'test@example.com', name: 'Test User' } });
+
+                const user = await db.user.findFirst({
+                    where: { email: 'test@example.com' },
+                });
+                expect(user?.email).toBe('test@example.com');
+            });
+
+            it('rejects direct value filters when Equality kind is excluded', async () => {
+                const options = {
+                    slicing: {
+                        models: {
+                            User: {
+                                fields: {
+                                    $all: {
+                                        includedFilterKinds: ['Range'] as const,
+                                    },
+                                },
+                            },
+                        },
+                    },
+                    dialect: {} as any,
+                } as const;
+
+                const db = await createTestClient<typeof schema, typeof options>(schema, options);
+
+                await db.user.create({ data: { email: 'test@example.com', name: 'Test User', age: 25 } });
+
+                await expect(
+                    db.user.findFirst({
+                        // @ts-expect-error - direct value shorthand maps to Equality filters
+                        where: { email: 'test@example.com' },
+                    }),
+                ).toBeRejectedByValidation(['"where.email"']);
+            });
+
+            it('still allows unique operations to use direct value filters', async () => {
+                const options = {
+                    slicing: {
+                        models: {
+                            User: {
+                                fields: {
+                                    $all: {
+                                        includedFilterKinds: ['Range'] as const,
+                                    },
+                                },
+                            },
+                        },
+                    },
+                    dialect: {} as any,
+                } as const;
+
+                const db = await createTestClient<typeof schema, typeof options>(schema, options);
+
+                await db.user.create({ data: { email: 'unique@example.com', name: 'Original Name' } });
+
+                await expect(
+                    db.user.findMany({
+                        // @ts-expect-error - findMany cannot use direct value filters without Equality kind
+                        where: { email: 'unique@example.com' },
+                    }),
+                ).toBeRejectedByValidation(['"where.email"']);
+
+                const uniqueUser = await db.user.findUnique({
+                    where: { email: 'unique@example.com' },
+                });
+                expect(uniqueUser?.name).toBe('Original Name');
+
+                await expect(
+                    db.user.findUnique({
+                        // @ts-expect-error non-unique fields are still sliced
+                        where: { email: 'unique@example.com', age: 10 },
+                    }),
+                ).toBeRejectedByValidation(['"where.age"']);
+
+                const updated = await db.user.update({
+                    where: { email: 'unique@example.com' },
+                    data: { name: 'Updated Name' },
+                });
+                expect(updated.name).toBe('Updated Name');
+
+                const deleted = await db.user.delete({
+                    where: { email: 'unique@example.com' },
+                });
+                expect(deleted.email).toBe('unique@example.com');
+            });
+        });
     });
 });