fix(ui): updates auth fields UI to reflect access control (#12745)

### What? Reflects any access control restrictions applied to Auth fields in the UI. I.e. if `email` has `update: () => false` the field should be displayed as read-only. ### Why? Currently any access control that is applied to auth fields is functional but is not matched within the UI. For example: - `password` that does not have read access will not return data, but the field will still be shown when it should be hidden - `email` that does not have update access, updating the field and saving the doc will **not** update the data, but it should be displayed as read-only so nothing can be filled out and the updating restriction is made clear ### How? Passes field permissions through to the Auth fields UI and adds docs with instructions on how to override auth field access. #### Testing Use `access-control` test suite and `auth` collection. Tests added to `access-control` e2e. Fixes #11569
2025-06-25 14:55:07 +01:00
parent 0d50799b79
commit 1845669e68
9 changed files with 378 additions and 61 deletions
--- a/test/access-control/collections/Auth/index.ts
+++ b/test/access-control/collections/Auth/index.ts
@@ -0,0 +1,53 @@
+import type { CollectionConfig } from 'payload'
+
+import { authSlug } from '../../shared.js'
+
+export const Auth: CollectionConfig = {
+  slug: authSlug,
+  auth: {
+    verify: true,
+    // loginWithUsername: {
+    //   requireEmail: true,
+    //   allowEmailLogin: true,
+    // },
+  },
+  fields: [
+    {
+      name: 'email',
+      type: 'text',
+      access: {
+        update: ({ req: { user }, data }) => {
+          const isUserOrSelf =
+            (user && 'roles' in user && user?.roles?.includes('admin')) || user?.id === data?.id
+          return isUserOrSelf
+        },
+      },
+    },
+    // {
+    //   name: 'username',
+    //   type: 'text',
+    //   access: {
+    //     update: () => false,
+    //   },
+    // },
+    {
+      name: 'password',
+      type: 'text',
+      hidden: true,
+      access: {
+        update: ({ req: { user }, data }) => {
+          const isUserOrSelf =
+            (user && 'roles' in user && user?.roles?.includes('admin')) || user?.id === data?.id
+          return isUserOrSelf
+        },
+      },
+    },
+    {
+      name: 'roles',
+      type: 'select',
+      defaultValue: ['user'],
+      hasMany: true,
+      options: ['admin', 'user'],
+    },
+  ],
+}