Skip to content
CFast CFast

Operation

Operation<TResult> = object

Defined in: packages/db/src/types.ts:27

A lazy, permission-aware database operation.

Every method on Db returns an Operation instead of a promise. The operation exposes its permission requirements via .permissions for inspection and executes with full permission checking via .run(). This two-phase design enables UI adaptation, upfront composition via compose, and introspection before any SQL is executed.

Example

Section titled “Example”
const op = db.query(posts).findMany();


// Inspect permissions without executing
console.log(op.permissions);
// => [{ action: "read", table: "posts" }]


// Execute with permission checks
const rows = await op.run({});

Type Parameters

Section titled “Type Parameters”

TResult

Section titled “TResult”

TResult

The type of the result returned by .run().

Properties

Section titled “Properties”

permissions

Section titled “permissions”

permissions: PermissionDescriptor[]

Defined in: packages/db/src/types.ts:29

Structural permission requirements. Available immediately without execution.

run()

Section titled “run()”

run: (params?) => Promise<TResult>

Defined in: packages/db/src/types.ts:36

Checks permissions, applies permission WHERE clauses, executes the query via Drizzle, and returns the result. Throws ForbiddenError if the user’s role lacks a required grant.

Parameters

Section titled “Parameters”
params?
Section titled “params?”

Record<string, unknown>

Placeholder values for sql.placeholder() calls. Pass {} when no placeholders are used.

Returns

Section titled “Returns”

Promise<TResult>