tabshift/payloadcms
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
5146fc865f8f677e1baf18e2777582e64470a2d9
payloadcms/test/auth/config.ts
Patrik 5146fc865f fix(ui): undefined permissions passed in create-first-user view (#13671) 
### What?

In the create-first-user view, fields like `richText` were being marked
as `readOnly: true` because they had no permissions entry in the
permissions map.

### Why?

The view was passing an incomplete `docPermissions` object. 

When a field had no entry in `docPermissions.fields`, `renderField`
received `permissions: undefined`, which was interpreted as denied
access.

This caused fields (notably `richText`) to default to read-only even
though the user should have full access when creating the first user.

### How?

- Updated the create-first-user view to always pass a complete
`docPermissions` object.
- Default all fields in the user collection to `{ create: true, read:
true, update: true }`.
- Ensures every field is explicitly granted full access during the
first-user flow.
- Keeps the `renderField` logic unchanged and aligned with Payload’s
permission model.

Fixes #13612 

---
- To see the specific tasks where the Asana app for GitHub is being
used, see below:
  - https://app.asana.com/0/0/1211211792037939
2025-09-03 14:16:49 -07:00

301 lines
7.0 KiB
TypeScript
Raw Blame History

import { fileURLToPath } from 'node:url'
import path from 'path'
const filename = fileURLToPath(import.meta.url)
const dirname = path.dirname(filename)
import { buildConfigWithDefaults } from '../buildConfigWithDefaults.js'
import { devUser } from '../credentials.js'
import { seed } from './seed.js'
import {
apiKeysSlug,
namedSaveToJWTValue,
partialDisableLocalStrategiesSlug,
publicUsersSlug,
saveToJWTKey,
slug,
} from './shared.js'
export default buildConfigWithDefaults({
admin: {
autoLogin: {
email: devUser.email,
password: devUser.password,
prefillOnly: true,
},
importMap: {
baseDir: path.resolve(dirname),
},
user: 'users',
},
collections: [
{
slug,
admin: {
useAsTitle: 'custom',
},
auth: {
cookies: {
domain: undefined,
sameSite: 'Lax',
secure: false,
},
depth: 0,
lockTime: 600 * 1000, // lock time in ms
maxLoginAttempts: 2,
tokenExpiration: 7200, // 2 hours
useAPIKey: true,
verify: false,
forgotPassword: {
expiration: 300000, // 5 minutes
},
},
fields: [
{
name: 'adminOnlyField',
type: 'text',
access: {
read: ({ req: { user } }) => {
return user?.roles?.includes('admin')
},
},
},
{
name: 'roles',
type: 'select',
defaultValue: ['user'],
hasMany: true,
label: 'Role',
options: ['admin', 'editor', 'moderator', 'user', 'viewer'],
required: true,
saveToJWT: true,
},
{
name: 'namedSaveToJWT',
type: 'text',
defaultValue: namedSaveToJWTValue,
label: 'Named Save To JWT',
saveToJWT: saveToJWTKey,
},
{
name: 'richText',
type: 'richText',
},
{
name: 'group',
type: 'group',
fields: [
{
name: 'liftedSaveToJWT',
type: 'text',
defaultValue: 'lifted from group',
label: 'Lifted Save To JWT',
saveToJWT: 'x-lifted-from-group',
},
],
},
{
name: 'groupSaveToJWT',
type: 'group',
fields: [
{
name: 'saveToJWTString',
type: 'text',
defaultValue: 'nested property',
label: 'Save To JWT String',
saveToJWT: 'x-test',
},
{
name: 'saveToJWTFalse',
type: 'text',
defaultValue: 'nested property',
label: 'Save To JWT False',
saveToJWT: false,
},
],
label: 'Group Save To JWT',
saveToJWT: 'x-group',
},
{
type: 'tabs',
tabs: [
{
name: 'saveToJWTTab',
fields: [
{
name: 'test',
type: 'text',
defaultValue: 'yes',
saveToJWT: 'x-field',
},
],
label: 'Save To JWT Tab',
saveToJWT: true,
},
{
name: 'tabSaveToJWTString',
fields: [
{
name: 'includedByDefault',
type: 'text',
defaultValue: 'yes',
},
],
label: 'Tab Save To JWT String',
saveToJWT: 'tab-test',
},
{
fields: [
{
name: 'tabLiftedSaveToJWT',
type: 'text',
defaultValue: 'lifted from unnamed tab',
label: 'Tab Lifted Save To JWT',
saveToJWT: true,
},
{
name: 'unnamedTabSaveToJWTString',
type: 'text',
defaultValue: 'text',
label: 'Unnamed Tab Save To JWT String',
saveToJWT: 'x-tab-field',
},
{
name: 'unnamedTabSaveToJWTFalse',
type: 'text',
defaultValue: 'false',
label: 'Unnamed Tab Save To JWT False',
saveToJWT: false,
},
],
label: 'No Name',
},
],
},
{
name: 'custom',
type: 'text',
label: 'Custom',
},
{
name: 'authDebug',
type: 'ui',
admin: {
components: {
Field: '/AuthDebug.js#AuthDebug',
},
},
label: 'Auth Debug',
},
],
},
{
slug: partialDisableLocalStrategiesSlug,
auth: {
disableLocalStrategy: {
// optionalPassword: true,
enableFields: true,
},
},
fields: [
// with `enableFields: true`, the following DB columns will be created:
// email
// reset_password_token
// reset_password_expiration
// salt
// hash
// login_attempts
// lock_until
],
},
{
slug: 'disable-local-strategy-password',
auth: { disableLocalStrategy: true },
fields: [
{
name: 'password',
type: 'text',
required: true,
},
],
},
{
slug: apiKeysSlug,
access: {
read: ({ req: { user } }) => {
if (!user) {
return false
}
if (user?.collection === apiKeysSlug) {
return {
id: {
equals: user.id,
},
}
}
return true
},
},
auth: {
disableLocalStrategy: true,
useAPIKey: true,
},
fields: [],
labels: {
plural: 'API Keys',
singular: 'API Key',
},
},
{
slug: publicUsersSlug,
auth: {
verify: true,
},
fields: [],
},
{
slug: 'relationsCollection',
fields: [
{
name: 'rel',
type: 'relationship',
relationTo: 'users',
},
{
name: 'text',
type: 'text',
},
],
},
{
slug: 'api-keys-with-field-read-access',
auth: {
disableLocalStrategy: true,
useAPIKey: true,
},
fields: [
{
name: 'enableAPIKey',
type: 'checkbox',
access: {
read: () => false,
},
},
{
name: 'apiKey',
type: 'text',
access: {
read: () => false,
},
},
],
labels: {
plural: 'API Keys With Field Read Access',
singular: 'API Key With Field Read Access',
},
},
],
onInit: seed,
typescript: {
outputFile: path.resolve(dirname, 'payload-types.ts'),
},
})
Reference in New Issue View Git Blame Copy Permalink