fix: locked documents with read access for users (#8950)

### What?

When read access is restricted on the `users` collection, restricted
users do not have access to other users' complete user data objects,
only their IDs, when accessing `user.value`.

### Why?

This is problematic when determining the lock status of a document from
a restricted users perspective as `user.id` would not exist - the user
data would not be an object in this case but instead a `string` or
`number` value for user ID

### How?

This PR properly handles both cases now and checks if the incoming user
data is an object or just a `string` / `number`.
This commit is contained in:
Patrik
2024-10-31 09:23:18 -04:00
committed by GitHub
parent b417c1f61a
commit 55ce8e68fc
56 changed files with 189 additions and 64 deletions


@@ -6,10 +6,26 @@ export const Users: CollectionConfig = {
useAsTitle: 'name',
},
auth: true,
access: {
read: ({ req: { user }, id }) => {
// Allow access if the user has the 'is_admin' role or if they are reading their own record
return Boolean(user?.roles?.includes('is_admin') || user?.id === id)
},
},
fields: [
{
name: 'name',
type: 'text',
},
{
name: 'roles',
type: 'select',
hasMany: true,
// required: true,
options: [
{ label: 'User', value: 'is_user' },
{ label: 'Admin', value: 'is_admin' },
],
},
],
}
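Review bot: The `read` access function in this section returns true for an unauthenticated request that carries no document `id`. With `user` null, `user?.id` evaluates to `undefined`, and `undefined === id` holds whenever `id` is also undefined, which appears to be the case for list queries (inferred from the access-function arguments, not shown on this page). That would give anonymous callers broader read access to `users` than a logged-in non-admin gets. Reject the missing user first, for example `if (!user) return false` ahead of the existing `return`. Because the commit description says IDs can be `string` or `number`, the strict `user.id === id` comparison is also worth confirming against the type of the `id` argument.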


@@ -29,6 +29,7 @@ export default buildConfigWithDefaults({
email: devUser.email,
password: devUser.password,
name: 'Admin',
roles: ['is_admin', 'is_user'],
},
})
@@ -38,6 +39,7 @@ export default buildConfigWithDefaults({
email: regularUser.email,
password: regularUser.password,
name: 'Dev',
roles: ['is_user'],
},
})


@@ -106,6 +106,7 @@ describe('locked documents', () => {
data: {
email: 'user2@payloadcms.com',
password: '1234',
roles: ['is_user'],
},
})
@@ -349,6 +350,7 @@ describe('locked documents', () => {
data: {
email: 'user2@payloadcms.com',
password: '1234',
roles: ['is_user'],
},
})
@@ -650,6 +652,7 @@ describe('locked documents', () => {
data: {
email: 'user2@payloadcms.com',
password: '1234',
roles: ['is_user'],
},
})
@@ -810,6 +813,7 @@ describe('locked documents', () => {
data: {
email: 'user2@payloadcms.com',
password: '1234',
roles: ['is_user'],
},
})
@@ -899,6 +903,7 @@ describe('locked documents', () => {
data: {
email: 'user2@payloadcms.com',
password: '1234',
roles: ['is_user'],
},
})
@@ -989,6 +994,7 @@ describe('locked documents', () => {
data: {
email: 'user2@payloadcms.com',
password: '1234',
roles: ['is_user'],
},
})
})
@@ -1174,6 +1180,7 @@ describe('locked documents', () => {
data: {
email: 'user2@payloadcms.com',
password: '1234',
roles: ['is_user'],
},
})


@@ -89,6 +89,7 @@ export interface Test {
export interface User {
id: string;
name?: string | null;
roles?: ('is_user' | 'is_admin')[] | null;
updatedAt: string;
createdAt: string;
email: string;