Update ssg and editor access functions

Re autonomic-cooperative/astro-payload-template#3

.drone.yml

@@ -4,7 +4,7 @@ name: publish pipeline
 steps:
   - name: publish astro container
     image: plugins/docker
-    settings:
+    settings: &docker-build-settings
       username: 3wordchant
       password:
         from_secret: git_autonomic_zone_token_3wc
@@ -14,32 +14,35 @@ steps:
       registry: git.autonomic.zone
       context: astro
       dockerfile: astro/Dockerfile
+    trigger: &exclude-event-custom
+      branch:
+        - main
+      event:
+        exclude:
+          - custom
+
   - name: publish payload dev container
     image: plugins/docker
-    settings:
+    settings: &payload-build-settings
-      username: 3wordchant
+      <<: *docker-build-settings
-      password:
-        from_secret: git_autonomic_zone_token_3wc
       # NOTE: edit this if you want your image called something else
       repo: git.autonomic.zone/autonomic-cooperative/astro-payload-test-payload-dev
-      auto_tag: true
-      registry: git.autonomic.zone
       context: payload
       dockerfile: payload/Dockerfile
       target: dev
+    trigger: 
+      << *exclude-event-custom
+
   - name: publish payload prod container
     image: plugins/docker
     settings:
+      <<: *payload-build-settings
       username: 3wordchant
-      password:
-        from_secret: git_autonomic_zone_token_3wc
-      # NOTE: edit this if you want your image called something else
       repo: git.autonomic.zone/autonomic-cooperative/astro-payload-test-payload
-      auto_tag: true
-      registry: git.autonomic.zone
-      context: payload
-      dockerfile: payload/Dockerfile
       target: prod
+    trigger: 
+      << *exclude-event-custom
+
   - name: deploy stack
     image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
     settings:
@@ -61,16 +64,8 @@ steps:
     depends_on:
       - publish payload prod container
     trigger: 
-  branch:
+      << *exclude-event-custom
-    - main
-  event:
-    exclude:
-      - custom
----
-kind: pipeline
-name: build astro
 
-steps:
   - name: build astro content
     image: git.autonomic.zone/autonomic-cooperative/astro-payload-test-astro:latest
     environment:
@@ -79,6 +74,9 @@ steps:
       - cd astro
       - mv /base/node_modules .
       - yarn build
+    depends_on:
+      - deploy stack
+
   - name: copy built content to stack
     image: git.coopcloud.tech/coop-cloud/docker-cp-deploy:latest
     settings:
@@ -90,7 +88,5 @@ steps:
       dest: /usr/share/nginx/html/
       deploy_key:
         from_secret: drone_ssh_swarm-demo.autonomic.zone
-
+    depends_on:
-trigger:
+      - build astro content
-  event:
-    - custom

README.md

@@ -1,4 +1,16 @@
-# How to use this template
+# Paystro 
+
+Paystro is a pre-configured setup for Astro and Payloadcms, designed to make it easy for you to start building your website. With Paystro, you'll have a complete development environment that you can run locally using Docker. This setup simplifies the testing and development of your website before deploying it to a production environment.
+
+## Architecture
+
+Paystro is a fork of [Astroad](https://github.com/mooxl/astroad).
+
+Unlike Astroad – where the "Astro" image is the built static site served with Nginx – Paystro's Astro image is a builder image.
+
+In Paystro, the Docker stack just contains Payload and a generic Nginx container.
+
+## How to use this template
 
 1. Create a new Gitea repository based on this template repo (choose at least
    "git content")
@@ -11,24 +23,30 @@ To set up deployment:
    including adding an SSH key as an organisational secret for the organisation
    this project is in (see [Autonomic internal
    docs](https://docz.autonomic.zone/doc/setting-up-auto-deployment-using-drone-I4j2onjaKT))
-2. Edit `.drone.yml` to define the server to host on, and the
+2. Edit `.drone.yml` to set variables:
-   `STACK_NAME` / `DOMAIN` of the deployed app.
+   - `HOST`: hostname or IP address of the server to deploy to (e.g.
-3. Generate secrets (`openssl rand -hex 32` works well) for `PAYLOAD_SECRET` and
+       `vps.example.tld`)
+   - `DOMAIN`: domain name of the live site (e.g. `site.example.tld`)
+   - `STACK_NAME`: the Docker stack name, usually `$DOMAIN` with dots replaced
+       with underscores (e.g. `site_example_tld`)
+   - `DRONE_URL`: root URL for the Drone instance (e.g.
+       `https://drone.example.tld`)
+3. Make sure that DNS records for `$DOMAIN` and `admin.$DOMAIN`, pointing to
+   `$HOST`, are defined.
+4. Generate secrets (`openssl rand -hex 32` works well) for `PAYLOAD_SECRET` and
    `MONGO_PASSWORD`. Insert the personal user token for a Drone bot user (e.g.
    `autono-bot`) as `TOKEN`). For all of them, use something like `echo "foobar"
    | docker secret create paystro_swarm-demo_autonomic_zone_token_v1 -`, where
    `paystro_swarm-demo_autonomic_zone` is the `STACK_NAME`.
-4. Activate the repo in Drone
+5. Activate the repo in Drone
 
-# Paystro
+---
 
-Paystro is a pre-configured setup for Astro and Payloadcms, designed to make it easy for you to start building your website. With Paystro, you'll have a complete development environment that you can run locally using Docker. This setup simplifies the testing and development of your website before deploying it to a production environment.
+# ${REPO_NAME}
-
-Paystro is a fork of [Astroad](https://github.com/mooxl/astroad).
 
 ## Prerequisites
 
-Before getting started with Paystro, make sure you have Docker installed (and, if your Docker doesn't include `docker compose`, the separate `docker-compose` tool).
+Before getting started, make sure you have Docker installed (and, if your Docker doesn't include `docker compose`, the separate `docker-compose` tool).
 
 ## Configuration
 
@@ -44,8 +62,4 @@ The `docker-compose.yml` file includes everything you need to run the containers
 
 Whenever the repository is updated, Drone builds new Docker images for Payload and Astro, and deploys a new Docker Swarm stack to the `HOST` configured in `.drone.yml`.
 
-Unlike Astroad – where the "Astro" image is the built static site served with Nginx – Paystro's Astro image is a builder image.
+Whenever changes are made to Payload content on the live site, Drone uses the Astro builder image to regenerate the static site, and publish it to the Nginx container by copying it into the Docker volume.
-
-In Paystro, the Docker stack just contains Payload and a generic Nginx container.
-
-Whenever changes are made to Payload content, Drone uses the Astro builder image to regenerate the static site, and publish it to the Nginx container by copying it into the Docker volume.

payload/src/access/isEditor.ts

@@ -3,10 +3,10 @@ import { User } from "../payload-types";
 
 export const isEditor: Access<any, User> = ({ req: { user } }) => {
   // Return true or false based on if the user has an editor role
-  return Boolean(user?.roles?.includes('editor', 'admin'));
+  return Boolean(user?.roles?.some(role => ['user', 'editor', 'admin'].includes(role)));
 }
 
 export const isEditorFieldLevel: FieldAccess<{ id: string }, unknown, User> = ({ req: { user } }) => {
   // Return true or false based on if the user has an editor role
-  return Boolean(user?.roles?.includes('editor', 'admin'));
+  return Boolean(user?.roles?.some(role => ['user', 'editor', 'admin'].includes(role)));
 }

payload/src/access/isSSG.ts

@@ -0,0 +1,12 @@
+import { Access, FieldAccess } from "payload/types";
+import { User } from "../payload-types";
+
+export const isSSG: Access<any, User> = ({ req: { user } }) => {
+  // Return true or false based on if the user has an ssg or admin role
+  return Boolean(user?.roles?.some(role => ['ssg', 'admin'].includes(role)));
+}
+
+export const isSSGFieldLevel: FieldAccess<{ id: string }, unknown, User> = ({ req: { user } }) => {
+  // Return true or false based on if the user has an ssg or admin role
+  return Boolean(user?.roles?.some(role => ['ssg', 'admin'].includes(role)));
+}

payload/src/access/isUser.ts

@@ -0,0 +1,13 @@
+import { Access, FieldAccess } from "payload/types";
+import { User } from "../payload-types";
+
+export const isUser: Access<any, User> = ({ req: { user } }) => {
+  // Return true or false based on if the user has an ssg or admin role
+  return Boolean(user?.roles?.some(role => ['user', 'editor', 'admin'].includes(role)));
+
+}
+
+export const isUserFieldLevel: FieldAccess<{ id: string }, unknown, User> = ({ req: { user } }) => {
+  // Return true or false based on if the user has an ssg or admin role
+  return Boolean(user?.roles?.some(role => ['user', 'editor', 'admin'].includes(role)));
+}

payload/src/collections/Authors.ts

@@ -0,0 +1,44 @@
+import { CollectionConfig } from "payload/types";
+import { isAdmin } from "@/access/isAdmin";
+import { isEditor } from "@/access/isEditor";
+import { isSSG } from "@/access/isSSG";
+import { isUser } from "@/access/isUser";
+import { isEditorOrSelf } from "@/access/isEditorOrSelf";
+
+const Authors: CollectionConfig = {
+  slug: "authors",
+  admin: {
+    defaultColumns: ["avatar","name"],
+    useAsTitle: "name",
+  },
+  access: {
+    //TODO: Author can CRUD own post
+    create: isUser,
+    read: () => true,
+    update: isEditor,
+    delete: isEditor,
+  },
+  fields: [
+    {
+      name: "name",
+      type: "text",
+      required: true
+    },
+    {
+      name: "avatar",
+      type: "upload",
+      relationTo: "media",
+      required: false,
+    },
+    {
+      name: "user",
+      type: "relationship",
+      relationTo: "users",
+      admin: {
+        description: 'The selected user will be able to edit this author'
+      },
+    }
+  ],
+};
+
+export default Authors;

payload/src/collections/Posts.ts

@@ -2,6 +2,7 @@ import { CollectionConfig } from "payload/types";
 import { isAdmin } from "@/access/isAdmin";
 import { isEditor } from "@/access/isEditor";
 import { isSSG } from "@/access/isSSG";
+import { isUser } from "@/access/isUser";
 
 const Posts: CollectionConfig = {
   slug: "posts",
@@ -12,7 +13,7 @@ const Posts: CollectionConfig = {
   },
   access: {
     //TODO: Author can CRUD own post
-    create: isEditor,
+    create: isUser,
     read: () => true,
     update: isEditor,
     delete: isEditor,
@@ -89,12 +90,11 @@ const Posts: CollectionConfig = {
       },
     },
     {
-      name: "author",
+      name: "authors",
       //TODO: Add active user as default
       type: 'relationship', 
-      relationTo: 'users', 
+      relationTo: 'authors', 
-      hasMany: false,
+      hasMany: true,
-      required: false,
       admin: {
         position: "sidebar",
       },

payload/src/collections/Users.ts

@@ -35,10 +35,6 @@ const Users: CollectionConfig = {
         update: isAdminFieldLevel,
       },
     },
-    {
-      name: 'name',
-      type: 'text',
-    }
   ],
 };
 

payload/src/payload.config.ts

@@ -2,6 +2,7 @@ import { buildConfig } from "payload/config";
 import path from "path";
 import Posts from "@/collections/Posts";
 import Users from "@/collections/Users";
+import Authors from "./collections/Authors";
 import Media from "@/collections/Media";
 
 export default buildConfig({
@@ -19,7 +20,7 @@ export default buildConfig({
       },
     }),
   },
-  collections: [Posts, Users, Media],
+  collections: [Posts, Users, Authors, Media],
   typescript: {
     outputFile: path.resolve("/", "types.ts"),
   },