[schema] Hidden and read-only fields for models

Problem

Some model attributes shall not be exposed at any time. For instance, createdAt may never be modified programmatically. Or id values shall not be returned from the public API.

Suggested solution

Read-only attributes could make sure not to expose fields like createdAt for modification:

model User {
  id String @id @default(cuid())
  createdAt DateTime @default(now()) @readonly
  // …
}

When querying for them, they would still be present in results, but they may not be updated.

Attributes like id may not be exposed by the results of find* and other methods, offering safer API results by default. However, hidden attributes like the id could still be used in conditions to cater for relations:

model User {
  id String @id @default(cuid()) @hidden
  // …
}

Alternatives

The naming of these @{rules} may be more explicit. Examples:

• @access(read) / @access(condition)
• @unselectable instead of @hidden

Also, hidden fields may be force-selected by specifying them in select objects.

Additional context

This issue is related to the discussion in #2127. While Nexus and other third-party solutions make it possible to constrain the usage of models, Prisma could make typing them way more convenient, especially for rest APIs.