
Commit edaf753

committed
feat: Set default access control (read, update and delete own user)
1 parent d7338aa commit edaf753


2 files changed

+156
-86
lines changed

2 files changed

+156
-86
lines changed

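--- a/dev/src/payload/collections/users.ts
+++ b/dev/src/payload/collections/users.ts
@@ -5,6 +5,11 @@ const Users: CollectionConfig = {
   admin: {
     useAsTitle: "name",
   },
+  access: {
+    /* admin: ({ req: { user } }) => {
+      return user?.roles?.includes("admin") ?? false;
+    }, */
+  },
   fields: [
     {
       name: "roles",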
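Review bot: The new `access` block on the dev `Users` collection is empty apart from a commented-out `admin` check, so it is dead code in its current form; either drop the comment or turn it into a real entry. If it is meant as an example for consumers, a one-line comment such as `// access is merged over the plugin defaults; e.g. admin: ({ req: { user } }) => user?.roles?.includes("admin") ?? false` says that more clearly than a block of commented-out code. Note that leaving `access` as `{}` presumably means the plugin's defaults apply unchanged, which is fine for a dev fixture. The `Users` object continues outside the hunk.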

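--- a/src/payload/generateUsersCollection.ts
+++ b/src/payload/generateUsersCollection.ts
@@ -5,6 +5,150 @@ import { withPayload } from "../authjs/withPayload";
 import { AuthjsAuthStrategy } from "./AuthjsAuthStrategy";
 import type { AuthjsPluginConfig } from "./plugin";
 
+const defaultUsersCollection = {
+  /**
+   * Default fields
+   */
+  fields: [
+    {
+      name: "id",
+      type: "text",
+      admin: {
+        readOnly: true,
+      },
+    },
+    {
+      name: "email",
+      type: "email",
+      required: true,
+      // unique: true,
+    },
+    {
+      name: "name",
+      type: "text",
+    },
+    {
+      name: "image",
+      type: "text",
+    },
+    {
+      name: "emailVerified",
+      type: "date",
+    },
+    {
+      name: "accounts",
+      type: "array",
+      fields: [
+        {
+          name: "id",
+          type: "text",
+          admin: {
+            disabled: true,
+          },
+        },
+        { name: "provider", type: "text", required: true },
+        { name: "providerAccountId", type: "text", required: true },
+        { name: "type", type: "text", required: true },
+      ],
+      admin: {
+        readOnly: true,
+        position: "sidebar",
+        initCollapsed: true,
+      },
+      access: {
+        create: () => false,
+        update: () => false,
+      },
+    },
+    {
+      name: "sessions",
+      type: "array",
+      fields: [
+        {
+          name: "id",
+          type: "text",
+          admin: {
+            disabled: true,
+          },
+        },
+        { name: "sessionToken", type: "text", required: true },
+        { name: "expires", type: "date", required: true },
+      ],
+      admin: {
+        readOnly: true,
+        position: "sidebar",
+        initCollapsed: true,
+      },
+      access: {
+        create: () => false,
+        update: () => false,
+      },
+    },
+    {
+      name: "verificationTokens",
+      type: "array",
+      fields: [
+        {
+          name: "id",
+          type: "text",
+          admin: {
+            disabled: true,
+          },
+        },
+        { name: "token", type: "text", required: true },
+        { name: "expires", type: "date", required: true },
+      ],
+      admin: {
+        readOnly: true,
+        position: "sidebar",
+        initCollapsed: true,
+      },
+      access: {
+        create: () => false,
+        update: () => false,
+      },
+    },
+  ],
+  /**
+   * Override the default access control. Only allow users to read, update and delete their own user
+   */
+  access: {
+    read: ({ req: { user } }) => {
+      if (!user) {
+        return false;
+      }
+      return {
+        id: {
+          equals: user.id,
+        },
+      };
+    },
+    readVersions: () => false,
+    create: () => false,
+    update: ({ req: { user } }) => {
+      if (!user) {
+        return false;
+      }
+      return {
+        id: {
+          equals: user.id,
+        },
+      };
+    },
+    delete: ({ req: { user } }) => {
+      if (!user) {
+        return false;
+      }
+      return {
+        id: {
+          equals: user.id,
+        },
+      };
+    },
+    unlock: () => false,
+  },
+} satisfies Partial<CollectionConfig>;
+
 export const generateUsersCollection = (
   collections: CollectionConfig[],
   pluginOptions: AuthjsPluginConfig,
@@ -24,92 +168,13 @@ export const generateUsersCollection = (
   }
 
   // Add or patch fields in users collection
-  createOrPatchField(collection.fields, {
-    name: "id",
-    type: "text",
-    admin: {
-      readOnly: true,
-    },
-  });
-  createOrPatchField(collection.fields, {
-    name: "email",
-    type: "email",
-    required: true,
-    // unique: true,
-  });
-  createOrPatchField(collection.fields, {
-    name: "name",
-    type: "text",
-  });
-  createOrPatchField(collection.fields, {
-    name: "image",
-    type: "text",
-  });
-  createOrPatchField(collection.fields, {
-    name: "emailVerified",
-    type: "date",
-  });
-  createOrPatchField(collection.fields, {
-    name: "accounts",
-    type: "array",
-    fields: [
-      {
-        name: "id",
-        type: "text",
-        admin: {
-          disabled: true,
-        },
-      },
-      { name: "provider", type: "text", required: true },
-      { name: "providerAccountId", type: "text", required: true },
-      { name: "type", type: "text", required: true },
-    ],
-    admin: {
-      readOnly: true,
-      position: "sidebar",
-      initCollapsed: true,
-    },
-  });
-  createOrPatchField(collection.fields, {
-    name: "sessions",
-    type: "array",
-    fields: [
-      {
-        name: "id",
-        type: "text",
-        admin: {
-          disabled: true,
-        },
-      },
-      { name: "sessionToken", type: "text", required: true },
-      { name: "expires", type: "date", required: true },
-    ],
-    admin: {
-      readOnly: true,
-      position: "sidebar",
-      initCollapsed: true,
-    },
-  });
-  createOrPatchField(collection.fields, {
-    name: "verificationTokens",
-    type: "array",
-    fields: [
-      {
-        name: "id",
-        type: "text",
-        admin: {
-          disabled: true,
-        },
-      },
-      { name: "token", type: "text", required: true },
-      { name: "expires", type: "date", required: true },
-    ],
-    admin: {
-      readOnly: true,
-      position: "sidebar",
-      initCollapsed: true,
-    },
-  });
+  defaultUsersCollection.fields.forEach(field => createOrPatchField(collection.fields, field));
+
+  // Override the access control
+  collection.access = {
+    ...defaultUsersCollection.access,
+    ...collection.access,
+  };
 
   // Add auth strategy to users collection
   collection.auth = {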
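Review bot: The `sessions` and `verificationTokens` arrays in `defaultUsersCollection` block API-level `create`/`update` but not `read`, so once the new collection-level `read` grants a user their own document, `sessionToken` and `token` values are returned in REST/GraphQL responses; `admin.readOnly` only affects the admin UI, not the API. Those values are bearer-equivalent secrets with no reason to leave the server, so I would add `read: () => false` next to `create`/`update` in both `access` blocks (the `accounts` array could stay readable). This presumably does not affect the Auth.js adapter, which I would expect to go through the local API with access control overridden — worth confirming. Separately, the `read`/`update`/`delete` functions in the collection-level `access` are the same body three times; a shared `const ownUserOnly = ({ req: { user } }) => (user ? { id: { equals: user.id } } : false);` would keep the three rules from drifting apart, and the merge `...defaultUsersCollection.access, ...collection.access` in the second hunk deserves a comment stating that a consumer's own `access` entries replace the defaults key by key, since that is where a permissive override would slip in. `generateUsersCollection` continues outside the hunk.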
