payloadcms

Files

Sasha a9f511d540 fix: skip validation of where query paths from access result (#9349 )

### What?

Previously, `payload.findByID` with `overrideAccess: false` and this
collection config
```ts
{
  slug: 'fields-and-top-access',
  access: {
    read: () => ({
      secret: {
        equals: '12345',
      },
    }),
  },
  fields: [
    {
      type: 'text',
      name: 'secret',
      access: { read: () => false },
    },
  ],
},
```

Led to the `The following path cannot be queried: secret` error because
`where` input to `validateQueryPaths` also includes the result from
access control, which shouldn't be.

This works when using `payload.find`.

The same applies to find with drafts / joins `where`. We need to
validate only user `where` input, not access control that we defined in
our config.

Also, this exact logic seems be used in `find` without drafts - we don't
use `fullWhere` here but `where`, that's why this error isn't being
thrown with `find` but only `findByID`.

d9c6288cb2/packages/payload/src/collections/operations/find.ts (L134)

d9c6288cb2/packages/payload/src/collections/operations/find.ts (L166-L171)

Fixes https://github.com/payloadcms/payload/issues/9210

2024-11-26 19:02:45 +02:00

collections

fix(ui): invalid permissions passed to group and named tab sub-fields (#9366 )

2024-11-20 13:03:35 -07:00

config.ts

fix: skip validation of where query paths from access result (#9349 )

2024-11-26 19:02:45 +02:00

e2e.spec.ts

fix(ui): invalid permissions passed to group and named tab sub-fields (#9366 )

2024-11-20 13:03:35 -07:00

eslint.config.js

chore(eslint): FlatConfig type deprecated, set to Config