From 73f418bb5cadf73f683fe04ee94e4d24c8cfe96f Mon Sep 17 00:00:00 2001
From: James <james@trbl.design>
Date: Tue, 8 Mar 2022 14:42:47 -0500
Subject: [PATCH] feat: exposes data arg within create and update access
 control

---
 docs/access-control/collections.mdx  | 16 +++++++++-------
 docs/access-control/globals.mdx      |  7 ++++---
 src/collections/operations/create.ts |  2 +-
 src/collections/operations/update.ts |  6 +++---
 src/globals/operations/update.ts     |  6 +++---
 5 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/docs/access-control/collections.mdx b/docs/access-control/collections.mdx
index 02240d484d..a6cbc02541 100644
--- a/docs/access-control/collections.mdx
+++ b/docs/access-control/collections.mdx
@@ -48,9 +48,10 @@ Returns a boolean which allows/denies access to the `create` request.
 
 **Available argument properties :**
 
-| Option    | Description |
-| --------- | ----------- |
-| **`req`** | The Express `request` object containing the currently authenticated `user` |
+| Option     | Description |
+| ---------- | ----------- |
+| **`req`**  | The Express `request` object containing the currently authenticated `user` |
+| **`data`** | The data passed to create the document with. |
 
 ### Read
 
@@ -69,10 +70,11 @@ Update access functions can return a boolean result or optionally return a [quer
 
 **Available argument properties :**
 
-| Option    | Description |
-| --------- | ----------- |
-| **`req`** | The Express `request` object containing the currently authenticated `user` |
-| **`id`**  | `id` of document requested to update |
+| Option     | Description |
+| ---------- | ----------- |
+| **`req`**  | The Express `request` object containing the currently authenticated `user` |
+| **`id`**   | `id` of document requested to update |
+| **`data`** | The data passed to update the document with. |
 
 ### Delete
 
diff --git a/docs/access-control/globals.mdx b/docs/access-control/globals.mdx
index fd0051e525..3cd6fc4dce 100644
--- a/docs/access-control/globals.mdx
+++ b/docs/access-control/globals.mdx
@@ -46,6 +46,7 @@ Returns a boolean result or optionally a [query constraint](/docs/queries/overvi
 
 **Available argument properties:**
 
-| Option    | Description |
-| --------- | ----------- |
-| **`req`** | The Express `request` object containing the currently authenticated `user` |
+| Option     | Description |
+| ---------- | ----------- |
+| **`req`**  | The Express `request` object containing the currently authenticated `user` |
+| **`data`** | The data passed to update the global with. |
diff --git a/src/collections/operations/create.ts b/src/collections/operations/create.ts
index df0dc85ff8..35215a77b9 100644
--- a/src/collections/operations/create.ts
+++ b/src/collections/operations/create.ts
@@ -67,7 +67,7 @@ async function create(this: Payload, incomingArgs: Arguments): Promise<Document>
   // /////////////////////////////////////
 
   if (!overrideAccess) {
-    await executeAccess({ req }, collectionConfig.access.create);
+    await executeAccess({ req, data }, collectionConfig.access.create);
   }
 
   // /////////////////////////////////////
diff --git a/src/collections/operations/update.ts b/src/collections/operations/update.ts
index 1c981f58b6..98ed7929ff 100644
--- a/src/collections/operations/update.ts
+++ b/src/collections/operations/update.ts
@@ -64,6 +64,8 @@ async function update(this: Payload, incomingArgs: Arguments): Promise<Document>
     autosave = false,
   } = args;
 
+  let { data } = args;
+
   if (!id) {
     throw new APIError('Missing ID of document to update.', httpStatus.BAD_REQUEST);
   }
@@ -74,7 +76,7 @@ async function update(this: Payload, incomingArgs: Arguments): Promise<Document>
   // Access
   // /////////////////////////////////////
 
-  const accessResults = !overrideAccess ? await executeAccess({ req, id }, collectionConfig.access.update) : true;
+  const accessResults = !overrideAccess ? await executeAccess({ req, id, data }, collectionConfig.access.update) : true;
   const hasWherePolicy = hasWhereAccessResult(accessResults);
 
   // /////////////////////////////////////
@@ -120,8 +122,6 @@ async function update(this: Payload, incomingArgs: Arguments): Promise<Document>
     showHiddenFields,
   });
 
-  let { data } = args;
-
   // /////////////////////////////////////
   // Upload and resize potential files
   // /////////////////////////////////////
diff --git a/src/globals/operations/update.ts b/src/globals/operations/update.ts
index 03f12f786f..e49ca2adaf 100644
--- a/src/globals/operations/update.ts
+++ b/src/globals/operations/update.ts
@@ -26,13 +26,15 @@ async function update<T extends TypeWithID = any>(this: Payload, args): Promise<
     autosave,
   } = args;
 
+  let { data } = args;
+
   const shouldSaveDraft = Boolean(draftArg && globalConfig.versions.drafts);
 
   // /////////////////////////////////////
   // 1. Retrieve and execute access
   // /////////////////////////////////////
 
-  const accessResults = !overrideAccess ? await executeAccess({ req }, globalConfig.access.update) : true;
+  const accessResults = !overrideAccess ? await executeAccess({ req, data }, globalConfig.access.update) : true;
 
   // /////////////////////////////////////
   // Retrieve document
@@ -84,8 +86,6 @@ async function update<T extends TypeWithID = any>(this: Payload, args): Promise<
     showHiddenFields,
   });
 
-  let { data } = args;
-
   // /////////////////////////////////////
   // beforeValidate - Fields
   // /////////////////////////////////////