Deny access if no roles

2024-07-06 19:49:50 +02:00 · 2024-07-06 19:49:50 +02:00 · 90f1750945
commit 90f1750945
parent abe4a3c883
4 changed files with 23 additions and 26 deletions
--- a/payload.config.ts
+++ b/payload.config.ts
@ -37,7 +37,7 @@ export default buildConfig({
  collections: [Users, Posts, Authors, Media, Pages],
  admin: {
    autoLogin: {
-      email: 'dev@payloadcms.com',
+      email: 'admin@nextload.test',
      password: 'test',
      prefillOnly: true,
    },
--- a/src/app/(payload)/access/isAdmin.ts
+++ b/src/app/(payload)/access/isAdmin.ts
@ -2,11 +2,11 @@ import { Access } from 'payload/types'
 import type { User } from 'types/payload-types'

 export const isAdmin = ({ req: { user } }: any) => {
-  if (!user.roles) {
+  if (!user || !user.roles) {
    return false
  }

-  if (user && user.roles?.includes('admin')) {
+  if (user.roles?.includes('admin')) {
    return true
  }

@ -14,11 +14,11 @@ export const isAdmin = ({ req: { user } }: any) => {
 }

 export const isAdminOrCreatedBy = ({ req: { user } }: any) => {
-  if (user.role) {
+  if (!user || !user.roles) {
    return false
  }

-  if (user && user.role === 'admin') {
+  if (user.roles?.includes('admin')) {
    return true
  }

@ -34,27 +34,24 @@ export const isAdminOrCreatedBy = ({ req: { user } }: any) => {
 }

 export const isAdminOrSelf = ({ req: { user } }: any) => {
-  if (user) {
-    if (!user.roles) {
-      return false
-    }
-
-    if (user.roles?.includes('admin')) {
-      return true
-    }
-
-    // Non-admin: can only access themselves
-    return {
-      id: {
-        equals: user.id,
-      },
-    }
+  if (!user || !user.roles) {
+    return false
+  }
+
+  if (user.roles?.includes('admin')) {
+    return true
+  }
+
+  // Non-admin: can only access themselves
+  return {
+    id: {
+      equals: user.id,
+    },
  }
-  return false
 }

 export const isAdminOrPublished = ({ req: { user } }: any) => {
-  if (user && user?.role === 'admin') {
+  if (user.roles?.includes('admin')) {
    return true
  }

--- a/src/app/(payload)/access/isEditor.ts
+++ b/src/app/(payload)/access/isEditor.ts
@ -2,11 +2,11 @@ import { Access, FieldAccess } from 'payload/types'
 import type { User } from 'types/payload-types'

 export const isEditor = ({ req: { user } }: any) => {
-  if (!user.roles) {
+  if (!user || !user.roles) {
    return false
  }

-  if (user && user?.roles?.some((role: string) => ['editor', 'admin'].includes(role))) {
+  if (user?.roles?.some((role: string) => ['editor', 'admin'].includes(role))) {
    return true
  }

--- a/src/app/(payload)/access/isUser.ts
+++ b/src/app/(payload)/access/isUser.ts
@ -2,11 +2,11 @@ import { Access, FieldAccess } from 'payload/types'
 import type { User } from 'types/payload-types'

 export const isUser = ({ req: { user } }: any) => {
-  if (!user.roles) {
+  if (!user || !user.roles) {
    return false
  }

-  if (user && user?.roles?.some((role: string) => ['user', 'editor', 'admin'].includes(role))) {
+  if (user?.roles?.some((role: string) => ['user', 'editor', 'admin'].includes(role))) {
    return true
  }