tabshift/payloadcms
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
537f58b4bc4e079add8267c1f900cd535f344af7
payloadcms/test/plugin-multi-tenant/config.ts
Alessio Gravili cbbf98e873 fix(plugin-multi-tenant): ensure relationship filter filters based on doc.tenant (#13925) 
Previously, relationship fields were only filtered based on the
`payload-tenant` cookie - if the relationship points to a relation where
`doc.relation.tenant !== cookies.get('payload-tenant')`, it will fail
validation. This is good!

However, if no headers are present (e.g. when using the local API to
create or update a document), this validation will pass, even if the
document belongs to a different tenant. The following test is passing in
this PR and failing in main: `ensure relationship document with
relationship to different tenant cannot be created even if no tenant
header passed`.

This PR extends the validation logic to respect the tenant stored in the
document's data and only read the headers if the document does not have
a tenant set yet.

Old logic:

`doc.relation.tenant !== cookies.get('payload-tenant')` => fail
validation

New logic:

`doc.relation.tenant !== doc.tenant ?? cookies.get('payload-tenant')` =>
fail validation


---
- To see the specific tasks where the Asana app for GitHub is being
used, see below:
  - https://app.asana.com/0/0/1211456244666493
2025-09-25 16:36:21 +00:00

70 lines
2.0 KiB
TypeScript
Raw Blame History

import { multiTenantPlugin } from '@payloadcms/plugin-multi-tenant'
import { fileURLToPath } from 'node:url'
import path from 'path'
const filename = fileURLToPath(import.meta.url)
const dirname = path.dirname(filename)
import type { Config as ConfigType } from './payload-types.js'
import { buildConfigWithDefaults } from '../buildConfigWithDefaults.js'
import { AutosaveGlobal } from './collections/AutosaveGlobal.js'
import { Menu } from './collections/Menu.js'
import { MenuItems } from './collections/MenuItems.js'
import { Relationships } from './collections/Relationships.js'
import { Tenants } from './collections/Tenants.js'
import { Users } from './collections/Users/index.js'
import { seed } from './seed/index.js'
import { autosaveGlobalSlug, menuItemsSlug, menuSlug } from './shared.js'
export default buildConfigWithDefaults({
collections: [Tenants, Users, MenuItems, Menu, AutosaveGlobal, Relationships],
admin: {
autoLogin: false,
importMap: {
baseDir: path.resolve(dirname),
},
components: {
graphics: {
Logo: '/components/Logo/index.js#Logo',
Icon: '/components/Icon/index.js#Icon',
},
},
},
onInit: seed,
plugins: [
multiTenantPlugin<ConfigType>({
// debug: true,
userHasAccessToAllTenants: (user) => Boolean(user.roles?.includes('admin')),
useTenantsCollectionAccess: false,
tenantField: {
access: {},
},
collections: {
[menuItemsSlug]: {
useTenantAccess: false,
},
[menuSlug]: {
isGlobal: true,
},
[autosaveGlobalSlug]: {
isGlobal: true,
},
['relationships']: {},
},
i18n: {
translations: {
en: {
'field-assignedTenant-label': 'Site',
'nav-tenantSelector-label': 'Filter by Site',
'assign-tenant-button-label': 'Assign Site',
},
},
},
}),
],
typescript: {
outputFile: path.resolve(dirname, 'payload-types.ts'),
},
})
Reference in New Issue View Git Blame Copy Permalink