payloadcms

Files

Alessio Gravili cbbf98e873 fix(plugin-multi-tenant): ensure relationship filter filters based on doc.tenant (#13925 )

Previously, relationship fields were only filtered based on the
`payload-tenant` cookie - if the relationship points to a relation where
`doc.relation.tenant !== cookies.get('payload-tenant')`, it will fail
validation. This is good!

However, if no headers are present (e.g. when using the local API to
create or update a document), this validation will pass, even if the
document belongs to a different tenant. The following test is passing in
this PR and failing in main: `ensure relationship document with
relationship to different tenant cannot be created even if no tenant
header passed`.

This PR extends the validation logic to respect the tenant stored in the
document's data and only read the headers if the document does not have
a tenant set yet.

Old logic:

`doc.relation.tenant !== cookies.get('payload-tenant')` => fail
validation

New logic:

`doc.relation.tenant !== doc.tenant ?? cookies.get('payload-tenant')` =>
fail validation


---
- To see the specific tasks where the Asana app for GitHub is being
used, see below:
  - https://app.asana.com/0/0/1211456244666493

2025-09-25 16:36:21 +00:00

_community

perf(ui): opt-in to the select api in the list view (#13697 )

2025-09-08 16:38:00 -04:00

access-control

feat(plugin-multi-tenant): improves tenant assignment flow (#13881 )

2025-09-24 13:19:33 -04:00

admin

fix(next): clear bfcache on forward/back (#13913 )

2025-09-24 23:08:49 +00:00

admin-bar

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

admin-root

feat(next): regenerate live preview url on save (#13631 )

2025-09-23 09:37:15 -04:00

app

feat: deprecates getPayloadHMR in favor of simpler getPayload (#9249 )

2024-11-16 15:30:05 -05:00

array-update

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

auth

fix(next): exclude permissions from page response when unauthenticated (#13796 )

2025-09-12 20:57:03 +00:00

auth-basic

chore: run dev:generate-types (#11994 )

2025-04-08 17:25:29 -03:00

benchmark-blocks

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

bulk-edit

fix(next): resolve filterOptions by path (#13779 )

2025-09-11 13:24:16 -07:00

collections-graphql

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

collections-rest

feat: expose multipart/form-data parsing options (#13766 )

2025-09-11 09:14:56 -04:00

config

feat: allow multiple, different payload instances using getPayload in same process (#13603 )

2025-08-27 10:24:37 -07:00

create-payload-app

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

custom-graphql

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

database

fix: findDistinct with polymorphic relationships (#13875 )

2025-09-22 12:23:17 -07:00

dataloader

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

email-nodemailer

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

email-resend

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

endpoints

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

field-error-states

test: add array field helpers (#13493 )

2025-08-19 19:44:59 +00:00

field-perf

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

fields

fix(ui): array field state to return empty array instead of 0 (#11283 )

2025-09-24 13:17:30 -04:00

fields-relationship

fix(next): resolve filterOptions by path (#13779 )

2025-09-11 13:24:16 -07:00

folders

feat(ui): save collection folder tab preferences (#13702 )

2025-09-09 11:43:00 -04:00

folders-browse-by-disabled

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

form-state

fix(ui): array field state to return empty array instead of 0 (#11283 )

2025-09-24 13:17:30 -04:00

globals

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

graphql

fix(graphql): graphql tab schema not handling tabs correctly (#13850 )

2025-09-18 09:34:50 -07:00

graphql-schema-gen

fix(graphql): invalid enum names when values include brackets (#13597 )

2025-08-26 11:03:26 -07:00

group-by

fix(next): groupBy for polymorphic relationships (#13781 )

2025-09-23 10:14:35 -07:00

helpers

feat(plugin-multi-tenant): improves tenant assignment flow (#13881 )

2025-09-24 13:19:33 -04:00

hooks

feat: global beforeOperation hook (#13768 )

2025-09-10 20:46:49 +00:00

i18n

fix(next): resolve filterOptions by path (#13779 )

2025-09-11 13:24:16 -07:00

import-test

feat: adds jobs queue (#8228 )

2024-10-30 17:56:50 +00:00

joins

fix(db-sqlite): exists operator in createJSONQuery (#13907 )

2025-09-24 18:42:33 +03:00

lexical

fix(ui): opening relationship field with appearance: "drawer" inside rich text inline block closes drawer (#13830 )

2025-09-24 17:45:36 -04:00

lexical-mdx

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

live-preview

feat(next): regenerate live preview url on save (#13631 )

2025-09-23 09:37:15 -04:00

loader

feat!: beta-next (#7620 )

2024-08-13 12:54:33 -04:00

localization

revert: "feat: adds new experimental.localizeStatus option (#13207 )" (#13928 )

2025-09-25 15:14:19 +00:00

localization-rtl

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

locked-documents

fix: server component readonly state issues with document locking (#13878 )

2025-09-24 12:11:10 -07:00

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

migrations-cli

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

nested-fields

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

payload-cloud

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-cloud-storage

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-form-builder

feat(plugin-form-builder): allow creating form submissions from the admin panel (#11222 )

2025-09-24 16:31:57 -04:00

plugin-import-export

fix(plugin-import-export): collectionSlug field regression from hidden field changes (#13917 )

2025-09-24 06:01:02 -07:00

plugin-multi-tenant

fix(plugin-multi-tenant): ensure relationship filter filters based on doc.tenant (#13925 )

2025-09-25 16:36:21 +00:00

plugin-nested-docs

fix(plugin-nested-docs): prevent phantom breadcrumb row (#13628 )

2025-08-28 16:12:47 -04:00

plugin-redirects

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-search

perf(plugin-search): reindex collections in parallel, up to 80% faster (#13608 )

2025-08-28 16:12:35 -04:00

plugin-sentry

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-seo

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-stripe

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugins

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

query-presets

fix(next): resolve filterOptions by path (#13779 )

2025-09-11 13:24:16 -07:00

queues

feat: support parallel job queue tasks, speed up task running (#13614 )

2025-08-27 20:32:42 +00:00

relationships

fix(db-mongodb): support 2x and more relationship sorting (#13819 )

2025-09-16 21:03:48 +03:00

scripts

feat(next): root admin (#7276 )

2024-07-23 13:44:44 -04:00

select

fix: versions created with incomplete data when using select parameter (#13809 )

2025-09-15 14:00:04 -07:00

server-functions

feat: auth sessions (#12483 )

2025-06-27 09:13:52 -04:00

sort

test: fix flaky sorting test (#13303 )

2025-07-29 03:25:09 +00:00

storage-azure

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-gcs

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-s3

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-uploadthing

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-vercel-blob

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

trash

fix: skip validation when trashing documents with empty required fields (#13807 )

2025-09-16 07:09:39 -07:00

types

feat(richtext-lexical): utility render lexical field on-demand (#13657 )

2025-09-18 15:01:12 -07:00

uploads

fix(db-postgres): localized relationships inside blocks (#13760 )

2025-09-19 09:28:12 -04:00

versions

revert: "feat: adds new experimental.localizeStatus option (#13207 )" (#13928 )

2025-09-25 15:14:19 +00:00

.prettierignore

chore: regenerate all types in test dir, and add to eslint & prettier ignores

2024-07-11 15:59:38 -04:00

.swcrc

chore: swcrc syntax fix (#6505 )

2024-05-25 15:45:05 +00:00

buildConfigWithDefaults.ts

chore: fix various e2e test setup issues (#12670 )

2025-06-04 17:34:37 -03:00

credentials.ts

…

CustomDashboard.tsx

chore: safely uses deepMerge

2024-03-07 11:33:46 -05:00

dev.ts

chore: enable turbopack by default in monorepo (#12684 )

2025-06-05 22:01:55 -03:00

docker-compose.yml

fix(plugin-cloud-storage): actually deprecate adapters (#9640 )

2024-12-31 09:14:56 -05:00

eslint.config.js

fix(ui): populate nested fields for enableListViewSelectAPI (#13827 )

2025-09-16 21:23:08 +00:00

generateDatabaseAdapter.ts

fix(db-mongodb): disable join aggregations in DocumentDB compatibility mode (#13270 )

2025-08-20 16:31:19 +00:00

generateDatabaseSchema.ts

fix(db-mongodb): improve compatibility with Firestore database (#12763 )

2025-07-16 15:17:43 -04:00

generateGraphQLSchema.ts

feat!: beta-next (#7620 )

2024-08-13 12:54:33 -04:00

generateImportMap.ts

feat: payload admin bar (#3684 )

2025-03-05 19:14:35 +00:00

generateTypes.ts

chore: gitignore test/databaseAdapter (#8235 )

2024-09-16 17:02:08 +00:00

helpers.ts

feat(plugin-multi-tenant): improves tenant assignment flow (#13881 )

2025-09-24 13:19:33 -04:00

initDevAndTest.ts

feat: scheduling jobs (#12863 )

2025-07-18 06:48:27 -04:00

jest-spec-reporter.cjs

feat!: on demand rsc (#8364 )

2024-11-11 13:59:05 -05:00

jest.config.js

chore: use custom jest reporter to achieve sane jest logs (#8607 )

2024-10-11 18:54:39 +00:00

jest.setup.js

fix: localized fields within block references were not handled properly if any parent is localized (#11207 )

2025-02-17 19:50:32 +00:00

jestreporter.cjs

chore: use custom jest reporter to achieve sane jest logs (#8607 )

2024-10-11 18:54:39 +00:00

next-env.d.ts

fix: fully sanitize unauthenticated client config (#13785 )

2025-09-12 14:52:50 -04:00

next.config.mjs

feat(next): regenerate live preview url on save (#13631 )

2025-09-23 09:37:15 -04:00

package.json

feat(richtext-lexical): utility render lexical field on-demand (#13657 )

2025-09-18 15:01:12 -07:00

playwright.bail.config.ts

chore: hide test flakes, improve playwright CI logs, significantly reduce playwright timeouts, add back test retries, cache playwright browsers in CI, disable CI telemetry, improve test throttle utility (#6155 )

2024-05-01 17:35:41 -04:00

playwright.config.ts

chore: fix flaky lexical test (#11035 )

2025-02-07 03:24:49 +00:00

runE2E.ts

feat(richtext-lexical): support copy & pasting and drag & dopping files/images into the editor (#13868 )

2025-09-24 15:04:46 +00:00

runInit.ts

feat: scheduling jobs (#12863 )

2025-07-18 06:48:27 -04:00

runInitSeparateProcess.ts

chore: upgrade to pnpm v9, regenerate lockfile (#7369 )

2024-08-14 08:57:04 -04:00

safelyRunScript.ts

chore: when dev server restarts, ensure exiting the parent process kills child process (#8703 )

2024-10-14 20:02:26 +00:00

setupProd.ts

feat: payload admin bar (#3684 )

2025-03-05 19:14:35 +00:00

test.env

chore: bump node version in monorepo and add new flag for node 23.6+ (#12328 )

2025-05-12 09:41:18 -04:00

testEmailAdapter.ts

feat!: prebundle payload, ui, richtext-lexical (#6579 )

2024-06-17 14:25:36 -04:00

testHooks.ts

perf: deduplicate blocks used in multiple places using new config.blocks property (#10905 )

2025-02-14 00:08:20 +00:00

tsconfig.eslint.json

chore: run lint & prettier on everything

2024-03-14 23:53:47 -04:00

tsconfig.json

chore: make TypeScript strict in test folder. Simplify tsconfig (#10582 )

2025-01-14 20:00:00 -03:00

tsconfig.typecheck.json

feat: payload admin bar (#3684 )

2025-03-05 19:14:35 +00:00