[Feature Request] Access policy allow field to be created only with default value

[jiashengguo]

For example, the Payment could be created by customer, but the isPaid field should not be changed by customer, it could only be updated by the backend service after receive the webhook callback.

model Payment {
   ...
   isPaid @default(false) @deny('create', true)
   @@allow('create, read', auth() == owner)
}

However, the current field level access policy doesn't allow control for 'create' policy.

[genu]

Is there a workaround for this limitation at the moment?

[jiashengguo]

I think there are two workarounds you can use:

1. Use field access policy to deny update.

    isPaid @default(false) @deny('update', true)

   But you need to make sure that isPaid is never provided when calling create function.

2. Use ignore

   isPaid @default(false) @ignore

   The trade-off is that you have to use raw SQL to update it since it is excluded from prisma client.