cbbf98e873
Previously, relationship fields were only filtered based on the
`payload-tenant` cookie - if the relationship points to a relation where
`doc.relation.tenant !== cookies.get('payload-tenant')`, it will fail
validation. This is good!
However, if no headers are present (e.g. when using the local API to
create or update a document), this validation will pass, even if the
document belongs to a different tenant. The following test is passing in
this PR and failing in main: `ensure relationship document with
relationship to different tenant cannot be created even if no tenant
header passed`.
This PR extends the validation logic to respect the tenant stored in the
document's data and only read the headers if the document does not have
a tenant set yet.
Old logic:
`doc.relation.tenant !== cookies.get('payload-tenant')` => fail
validation
New logic:
`doc.relation.tenant !== doc.tenant ?? cookies.get('payload-tenant')` =>
fail validation
---
- To see the specific tasks where the Asana app for GitHub is being
used, see below:
- https://app.asana.com/0/0/1211456244666493
223 lines
4.4 KiB
TypeScript
223 lines
4.4 KiB
TypeScript
import type { Config, Payload } from 'payload'
|
|
|
|
import { credentials } from '../credentials.js'
|
|
import { menuItemsSlug, menuSlug, tenantsSlug, usersSlug } from '../shared.js'
|
|
|
|
const deleteAll = async (payload: Payload) => {
|
|
await payload.delete({
|
|
collection: tenantsSlug,
|
|
where: {},
|
|
})
|
|
await payload.delete({
|
|
collection: usersSlug,
|
|
where: {},
|
|
})
|
|
await payload.delete({
|
|
collection: menuItemsSlug,
|
|
where: {},
|
|
})
|
|
await payload.delete({
|
|
collection: menuSlug,
|
|
where: {},
|
|
})
|
|
}
|
|
|
|
export const seed: Config['onInit'] = async (payload) => {
|
|
await deleteAll(payload)
|
|
|
|
// create tenants
|
|
const blueDogTenant = await payload.create({
|
|
collection: tenantsSlug,
|
|
data: {
|
|
name: 'Blue Dog',
|
|
domain: 'bluedog.com',
|
|
},
|
|
})
|
|
const steelCatTenant = await payload.create({
|
|
collection: tenantsSlug,
|
|
data: {
|
|
name: 'Steel Cat',
|
|
domain: 'steelcat.com',
|
|
},
|
|
})
|
|
const anchorBarTenant = await payload.create({
|
|
collection: tenantsSlug,
|
|
data: {
|
|
name: 'Anchor Bar',
|
|
domain: 'anchorbar.com',
|
|
},
|
|
})
|
|
const publicTenant = await payload.create({
|
|
collection: tenantsSlug,
|
|
data: {
|
|
name: 'Public Tenant',
|
|
domain: 'public.com',
|
|
isPublic: true,
|
|
},
|
|
})
|
|
|
|
// Create blue dog menu items
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Chorizo Con Queso and Chips',
|
|
tenant: blueDogTenant.id,
|
|
},
|
|
})
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Garlic Parmesan Tots',
|
|
tenant: blueDogTenant.id,
|
|
},
|
|
})
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Spicy Mac',
|
|
tenant: blueDogTenant.id,
|
|
},
|
|
})
|
|
|
|
await payload.create({
|
|
collection: 'relationships',
|
|
data: {
|
|
title: 'Owned by blue dog',
|
|
tenant: blueDogTenant.id,
|
|
},
|
|
})
|
|
|
|
await payload.create({
|
|
collection: 'relationships',
|
|
data: {
|
|
title: 'Owned by steelcat',
|
|
tenant: steelCatTenant.id,
|
|
},
|
|
})
|
|
|
|
await payload.create({
|
|
collection: 'relationships',
|
|
data: {
|
|
title: 'Owned by bar with no ac',
|
|
tenant: anchorBarTenant.id,
|
|
},
|
|
})
|
|
|
|
await payload.create({
|
|
collection: 'relationships',
|
|
data: {
|
|
title: 'Owned by public tenant',
|
|
tenant: publicTenant.id,
|
|
},
|
|
})
|
|
|
|
// Create steel cat menu items
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Pretzel Bites',
|
|
tenant: steelCatTenant.id,
|
|
},
|
|
})
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Buffalo Chicken Dip',
|
|
tenant: steelCatTenant.id,
|
|
},
|
|
})
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Pulled Pork Nachos',
|
|
tenant: steelCatTenant.id,
|
|
},
|
|
})
|
|
|
|
// Public tenant menu items
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Free Pizza',
|
|
tenant: publicTenant.id,
|
|
},
|
|
})
|
|
await payload.create({
|
|
collection: menuItemsSlug,
|
|
data: {
|
|
name: 'Free Dogs',
|
|
tenant: publicTenant.id,
|
|
},
|
|
})
|
|
|
|
// create users
|
|
await payload.create({
|
|
collection: usersSlug,
|
|
data: {
|
|
...credentials.admin,
|
|
roles: ['admin'],
|
|
},
|
|
})
|
|
|
|
await payload.create({
|
|
collection: usersSlug,
|
|
data: {
|
|
...credentials.blueDog,
|
|
roles: ['user'],
|
|
tenants: [
|
|
{
|
|
tenant: blueDogTenant.id,
|
|
},
|
|
],
|
|
},
|
|
})
|
|
|
|
await payload.create({
|
|
collection: usersSlug,
|
|
data: {
|
|
...credentials.owner,
|
|
roles: ['user'],
|
|
tenants: [
|
|
{
|
|
tenant: anchorBarTenant.id,
|
|
},
|
|
{
|
|
tenant: blueDogTenant.id,
|
|
},
|
|
],
|
|
},
|
|
})
|
|
|
|
// create menus
|
|
await payload.create({
|
|
collection: menuSlug,
|
|
data: {
|
|
description: 'This collection behaves like globals, 1 document per tenant. No list view.',
|
|
title: 'Blue Dog Menu',
|
|
tenant: blueDogTenant.id,
|
|
},
|
|
})
|
|
await payload.create({
|
|
collection: menuSlug,
|
|
data: {
|
|
description: 'This collection behaves like globals, 1 document per tenant. No list view.',
|
|
title: 'Steel Cat Menu',
|
|
tenant: steelCatTenant.id,
|
|
},
|
|
})
|
|
|
|
await payload.create({
|
|
collection: usersSlug,
|
|
data: {
|
|
email: 'huel@steel-cat.com',
|
|
password: 'test',
|
|
roles: ['user'],
|
|
tenants: [
|
|
{
|
|
tenant: steelCatTenant.id,
|
|
},
|
|
],
|
|
},
|
|
})
|
|
}
|