chore(examples): fix read permission in auth example (#12403)

The return value of the `adminsAndUser` method was not a proper Query to
limit the read scope of the read access. So users could read all user
data of the system.

Alongside this, I streamlined the type imports (fixes #12323) and fixed some
TypeScript typings. I also changed the export of the mentioned method to match
the other access methods.
Rémy
2025-05-22 19:46:27 +02:00
committed by GitHub
parent 1b1e36e2df
commit cceb793257
6 changed files with 12 additions and 12 deletions


@@ -1,7 +1,7 @@
import type { CollectionConfig } from 'payload/types' import type { CollectionConfig } from 'payload/types'
import { admins } from './access/admins' import { admins } from './access/admins'
import adminsAndUser from './access/adminsAndUser' import { adminsAndUser } from './access/adminsAndUser'
import { anyone } from './access/anyone' import { anyone } from './access/anyone'
import { checkRole } from './access/checkRole' import { checkRole } from './access/checkRole'
import { loginAfterCreate } from './hooks/loginAfterCreate' import { loginAfterCreate } from './hooks/loginAfterCreate'
@@ -25,6 +25,7 @@ export const Users: CollectionConfig = {
create: anyone, create: anyone,
update: adminsAndUser, update: adminsAndUser,
delete: admins, delete: admins,
unlock: admins,
admin: ({ req: { user } }) => checkRole(['admin'], user), admin: ({ req: { user } }) => checkRole(['admin'], user),
}, },
hooks: { hooks: {
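Review bot: `create: anyone` and `update: adminsAndUser` in this access block only decide who may write a user document, not which fields they may set. The field definitions are outside this hunk, so it is worth confirming that `roles` carries field-level access limited to admins; without it, a self-registering or self-updating user could presumably set their own roles. If that guard exists, a comment above the block such as `// roles is protected by field-level access; the rules here only scope whole documents` would make the dependency explicit. The `read` entry and the opening of the `access` object also lie outside the hunk.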


@@ -1,4 +1,4 @@
import type { Access } from 'payload/config' import type { Access } from 'payload'
import { checkRole } from './checkRole' import { checkRole } from './checkRole'


@@ -1,19 +1,17 @@
import type { Access } from 'payload/config' import type { Access } from 'payload'
import { checkRole } from './checkRole' import { checkRole } from './checkRole'
const adminsAndUser: Access = ({ req: { user } }) => { export const adminsAndUser: Access = ({ req: { user } }) => {
if (user) { if (user) {
if (checkRole(['admin'], user)) { if (checkRole(['admin'], user)) {
return true return true
} }
return { return {
id: user.id, id: { equals: user.id },
} }
} }
return false return false
} }
export default adminsAndUser
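Review bot: The object returned for non-admin users in `adminsAndUser` needs a comment, because per the commit description the earlier shape `{ id: user.id }` was accepted but did not limit the read scope. A line above `return {` such as `// Must be a Where query (field -> { operator: value }); a bare { id: user.id } is not a constraint and left every user readable` would keep a later edit from reintroducing it. A test asserting that a logged-in non-admin cannot read another user's document would pin the behaviour; none appears among the six changed files shown on this page.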


@@ -1,3 +1,3 @@
import type { Access } from 'payload/config' import type { Access } from 'payload'
export const anyone: Access = () => true export const anyone: Access = () => true


@@ -1,6 +1,6 @@
import type { User } from '../../payload-types' import type { User } from '../../payload-types'
export const checkRole = (allRoles: User['roles'] = [], user: User = undefined): boolean => { export const checkRole = (allRoles: User['roles'] = [], user: User | null = null): boolean => {
if (user) { if (user) {
if ( if (
allRoles.some((role) => { allRoles.some((role) => {
@@ -8,8 +8,9 @@ export const checkRole = (allRoles: User['roles'] = [], user: User = undefined):
return individualRole === role return individualRole === role
}) })
}) })
) ) {
{return true} return true
}
} }
return false return false
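Review bot: `checkRole` has no doc comment, although `adminsAndUser` and the Users collection's `admin` check both call it to decide access. A TSDoc block should state that it returns `false` when `user` is null or undefined and `true` only when one of `allRoles` equals a role found on the user, which is the fail-closed default the new `user: User | null = null` signature keeps. The role lookup inside `some` sits partly between the two hunks, so how `individualRole` is obtained is not visible here and the wording should be checked against the full function.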


@@ -1,4 +1,4 @@
import type { FieldHook } from 'payload/types' import type { FieldHook } from 'payload'
import type { User } from '../../payload-types' import type { User } from '../../payload-types'