From 90f17509456ceb28d1c77b7bee73c1c550013eb9 Mon Sep 17 00:00:00 2001
From: tobias
Date: Sat, 6 Jul 2024 19:49:50 +0200
Subject: [PATCH] Deny access if no roles

---
 payload.config.ts | 2 +-
 src/app/(payload)/access/isAdmin.ts | 39 +++++++++++++---------------
 src/app/(payload)/access/isEditor.ts | 4 +--
 src/app/(payload)/access/isUser.ts | 4 +--
 4 files changed, 23 insertions(+), 26 deletions(-)

diff --git a/payload.config.ts b/payload.config.ts
index 29fbbd0..65cade6 100644
--- a/payload.config.ts
+++ b/payload.config.ts
@@ -37,7 +37,7 @@ export default buildConfig({
 collections: [Users, Posts, Authors, Media, Pages],
 admin: {
 autoLogin: {
- email: 'dev@payloadcms.com',
+ email: 'admin@nextload.test',
 password: 'test',
 prefillOnly: true,
 },
diff --git a/src/app/(payload)/access/isAdmin.ts b/src/app/(payload)/access/isAdmin.ts
index d649515..7e23d56 100644
--- a/src/app/(payload)/access/isAdmin.ts
+++ b/src/app/(payload)/access/isAdmin.ts
@@ -2,11 +2,11 @@ import { Access } from 'payload/types'
 import type { User } from 'types/payload-types'

 export const isAdmin = ({ req: { user } }: any) => {
- if (!user.roles) {
+ if (!user || !user.roles) {
 return false
 }

- if (user && user.roles?.includes('admin')) {
+ if (user.roles?.includes('admin')) {
 return true
 }

@@ -14,11 +14,11 @@ export const isAdmin = ({ req: { user } }: any) => {
 }

 export const isAdminOrCreatedBy = ({ req: { user } }: any) => {
- if (user.role) {
+ if (!user || !user.roles) {
 return false
 }

- if (user && user.role === 'admin') {
+ if (user.roles?.includes('admin')) {
 return true
 }
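Review bot: The `autoLogin` block in `payload.config.ts` still carries a hard-coded credential pair (`password: 'test'`) and nothing in the hunk gates it on the environment, so the same config object is what a production build would load. Going by the option name, `prefillOnly: true` should only prefill the admin login form rather than log in silently, but it still advertises a working username/password to anyone who reaches the admin UI if that account exists. I would key it on the environment, e.g. `autoLogin: process.env.NODE_ENV === 'development' ? { email: 'admin@nextload.test', password: 'test', prefillOnly: true } : false,` (or whatever disabled value the installed Payload version accepts), and read the dev credentials from env vars rather than source. The enclosing `buildConfig({` call starts outside the hunk.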
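Review bot: In the new `isAdmin` body the optional chaining in `user.roles?.includes('admin')` is dead: the guard two lines above already returns `false` when `user` or `user.roles` is falsy, so `user.roles` is always defined there and `if (user.roles.includes('admin')) {` states the invariant more honestly. The parameter is also still typed `any` even though `Access` is imported on the hunk's first line and `User` on the next; annotating the export as `export const isAdmin: Access = ({ req: { user } }) => {` lets the compiler check that every branch returns a valid access result. Both are style points; the role check itself is correct as written, and the function's final `return false` lies outside the hunk.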
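Review bot: `isAdminOrCreatedBy` now repeats the exact `!user || !user.roles` / `user.roles?.includes('admin')` prelude from `isAdmin`, and both silently assume `roles` is an array: if the field were ever a plain string, `.includes('admin')` would be `String.prototype.includes` and match substrings such as `'superadmin'`. I cannot confirm the field's shape from this hunk, so treat it as something to verify against the `Users` collection; tightening the guard pins the assumption cheaply, `if (!user || !Array.isArray(user.roles)) {` followed by `if (user.roles.includes('admin')) {`, which also drops the now-redundant `?.`. The non-admin fallthrough of `isAdminOrCreatedBy` is outside the hunk, so I cannot see what constraint it returns.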
@@ -34,27 +34,24 @@ export const isAdminOrCreatedBy = ({ req: { user } }: any) => {
 }

 export const isAdminOrSelf = ({ req: { user } }: any) => {
- if (user) {
- if (!user.roles) {
- return false
- }
-
- if (user.roles?.includes('admin')) {
- return true
- }
-
- // Non-admin: can only access themselves
- return {
- id: {
- equals: user.id,
- },
- }
+ if (!user || !user.roles) {
+ return false
+ }
+
+ if (user.roles?.includes('admin')) {
+ return true
+ }
+
+ // Non-admin: can only access themselves
+ return {
+ id: {
+ equals: user.id,
+ },
 }
- return false
 }

 export const isAdminOrPublished = ({ req: { user } }: any) => {
- if (user && user?.role === 'admin') {
+ if (user.roles?.includes('admin')) {
 return true
 }

diff --git a/src/app/(payload)/access/isEditor.ts b/src/app/(payload)/access/isEditor.ts
index e25dbe5..6040230 100644
--- a/src/app/(payload)/access/isEditor.ts
+++ b/src/app/(payload)/access/isEditor.ts
@@ -2,11 +2,11 @@ import { Access, FieldAccess } from 'payload/types'
 import type { User } from 'types/payload-types'

 export const isEditor = ({ req: { user } }: any) => {
- if (!user.roles) {
+ if (!user || !user.roles) {
 return false
 }

- if (user && user?.roles?.some((role: string) => ['editor', 'admin'].includes(role))) {
+ if (user?.roles?.some((role: string) => ['editor', 'admin'].includes(role))) {
 return true
 }
diff --git a/src/app/(payload)/access/isUser.ts b/src/app/(payload)/access/isUser.ts
index 5b9fdde..68d9ef1 100644
--- a/src/app/(payload)/access/isUser.ts
+++ b/src/app/(payload)/access/isUser.ts
@@ -2,11 +2,11 @@ import { Access, FieldAccess } from 'payload/types'
 import type { User } from 'types/payload-types'

 export const isUser = ({ req: { user } }: any) => {
- if (!user.roles) {
+ if (!user || !user.roles) {
 return false
 }

- if (user && user?.roles?.some((role: string) => ['user', 'editor', 'admin'].includes(role))) {
+ if (user?.roles?.some((role: string) => ['user', 'editor', 'admin'].includes(role))) {
 return true
 }
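Review bot: The new `isAdminOrPublished` check drops the null guard the old line had (`user && user?.role === 'admin'` became `user.roles?.includes('admin')`), so an unauthenticated request, where `req.user` is undefined, now throws a `TypeError` on `user.roles` instead of falling through to the non-admin branch, which is presumably where anonymous readers are meant to receive the published-only constraint. Every other function in this patch opens with `if (!user || !user.roles) return false`, but that would be wrong here because anonymous access is the point of the function, so the guard belongs in the expression itself: `if (user?.roles?.includes('admin')) {`. The rest of `isAdminOrPublished` is outside the hunk, so I cannot see what the fallthrough returns; `isAdminOrSelf` above it is fine as rewritten.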
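Review bot: After the new `!user || !user.roles` guard in `isEditor`, the `user?.roles?.some(...)` on the next changed line keeps two optional-chaining operators that can no longer short-circuit, which hides the invariant the guard just established; `if (user.roles.some((role: string) => ['editor', 'admin'].includes(role))) {` reads as intended. Note that `!user.roles` lets an empty `roles` array through (`[]` is truthy), which is harmless because `.some` on it returns `false`, but that deserves a comment above the guard, e.g. `// No user, or no roles field at all: deny. An empty roles array falls through to the role check.` `Access` and `FieldAccess` are imported on the hunk's first line while the parameter is still `any`; the function's fallthrough return is outside the hunk.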
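Review bot: `isUser` has no doc comment and its name undersells what it grants: the changed line accepts `'user'`, `'editor'` or `'admin'`, so it effectively means "any authenticated account holding at least one recognised role", with unauthenticated requests and accounts lacking a `roles` field denied by the guard above. A TSDoc block above the export would make that explicit, e.g. `/** Grants access to any authenticated user holding at least one of the roles 'user', 'editor' or 'admin'; denies unauthenticated requests and users without a roles field. */`. The `user?.roles?.` optional chaining is redundant after the guard here as well, and `user.roles.some(...)` is sufficient. The function's fallthrough return is outside the hunk.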