@payloadcms/plugin-multi-tenant 3.78.0-internal-debug.f663370 → 3.78.0-internal.5219978
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/filters/filterDocumentsByTenants.d.ts +2 -1
- package/dist/filters/filterDocumentsByTenants.d.ts.map +1 -1
- package/dist/filters/filterDocumentsByTenants.js +1 -1
- package/dist/filters/filterDocumentsByTenants.js.map +1 -1
- package/dist/utilities/getTenantAccess.d.ts +5 -2
- package/dist/utilities/getTenantAccess.d.ts.map +1 -1
- package/dist/utilities/getTenantAccess.js.map +1 -1
- package/dist/utilities/withTenantAccess.d.ts.map +1 -1
- package/dist/utilities/withTenantAccess.js +14 -0
- package/dist/utilities/withTenantAccess.js.map +1 -1
- package/package.json +6 -6
|
@@ -4,8 +4,9 @@ type Args<ConfigType = unknown> = {
|
|
|
4
4
|
/**
|
|
5
5
|
* If the document this filter is run belongs to a tenant, the tenant ID should be passed here.
|
|
6
6
|
* If set, this will be used instead of the tenant cookie
|
|
7
|
+
* Can be an array when hasMany is true
|
|
7
8
|
*/
|
|
8
|
-
docTenantID?: number | string;
|
|
9
|
+
docTenantID?: number | number[] | string | string[];
|
|
9
10
|
filterFieldName: string;
|
|
10
11
|
req: PayloadRequest;
|
|
11
12
|
tenantsArrayFieldName?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"filterDocumentsByTenants.d.ts","sourceRoot":"","sources":["../../src/filters/filterDocumentsByTenants.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAa,KAAK,EAAE,MAAM,SAAS,CAAA;AAE/D,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAA;AAO1D,KAAK,IAAI,CAAC,UAAU,GAAG,OAAO,IAAI;IAChC
|
|
1
|
+
{"version":3,"file":"filterDocumentsByTenants.d.ts","sourceRoot":"","sources":["../../src/filters/filterDocumentsByTenants.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAa,KAAK,EAAE,MAAM,SAAS,CAAA;AAE/D,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAA;AAO1D,KAAK,IAAI,CAAC,UAAU,GAAG,OAAO,IAAI;IAChC;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,MAAM,GAAG,MAAM,EAAE,CAAA;IACnD,eAAe,EAAE,MAAM,CAAA;IACvB,GAAG,EAAE,cAAc,CAAA;IACnB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,2BAA2B,CAAC,EAAE,MAAM,CAAA;IACpC,qBAAqB,EAAE,MAAM,CAAA;IAC7B,yBAAyB,EAAE,QAAQ,CACjC,uBAAuB,CAAC,UAAU,CAAC,CACpC,CAAC,2BAA2B,CAAC,CAAA;CAC/B,CAAA;AACD,eAAO,MAAM,wBAAwB,GAAI,UAAU,0JAQhD,IAAI,CAAC,UAAU,CAAC,KAAG,IAAI,GAAG,KAwC5B,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/filters/filterDocumentsByTenants.ts"],"sourcesContent":["import type { PayloadRequest, TypedUser, Where } from 'payload'\n\nimport type { MultiTenantPluginConfig } from '../types.js'\n\nimport { defaults } from '../defaults.js'\nimport { getCollectionIDType } from '../utilities/getCollectionIDType.js'\nimport { getTenantFromCookie } from '../utilities/getTenantFromCookie.js'\nimport { getUserTenantIDs } from '../utilities/getUserTenantIDs.js'\n\ntype Args<ConfigType = unknown> = {\n /**\n * If the document this filter is run belongs to a tenant, the tenant ID should be passed here.\n * If set, this will be used instead of the tenant cookie\n */\n docTenantID?: number | string\n filterFieldName: string\n req: PayloadRequest\n tenantsArrayFieldName?: string\n tenantsArrayTenantFieldName?: string\n tenantsCollectionSlug: string\n userHasAccessToAllTenants: Required<\n MultiTenantPluginConfig<ConfigType>\n >['userHasAccessToAllTenants']\n}\nexport const filterDocumentsByTenants = <ConfigType = unknown>({\n docTenantID,\n filterFieldName,\n req,\n tenantsArrayFieldName = defaults.tenantsArrayFieldName,\n tenantsArrayTenantFieldName = defaults.tenantsArrayTenantFieldName,\n tenantsCollectionSlug,\n userHasAccessToAllTenants,\n}: Args<ConfigType>): null | Where => {\n const idType = getCollectionIDType({\n collectionSlug: tenantsCollectionSlug,\n payload: req.payload,\n })\n\n // scope results to selected tenant\n const selectedTenant = docTenantID ?? getTenantFromCookie(req.headers, idType)\n if (selectedTenant) {\n return {\n [filterFieldName]: {\n in: [selectedTenant],\n },\n }\n }\n\n if (\n req.user &&\n userHasAccessToAllTenants(\n req?.user as ConfigType extends { user: unknown } ? ConfigType['user'] : TypedUser,\n )\n ) {\n return null\n }\n\n // scope to user assigned tenants\n const userAssignedTenants = getUserTenantIDs(req.user, {\n tenantsArrayFieldName,\n tenantsArrayTenantFieldName,\n })\n if (userAssignedTenants.length > 0) {\n return {\n [filterFieldName]: {\n in: userAssignedTenants,\n },\n }\n }\n\n // no tenant selected and no user tenants, return null to allow access control to handle it\n return null\n}\n"],"names":["defaults","getCollectionIDType","getTenantFromCookie","getUserTenantIDs","filterDocumentsByTenants","docTenantID","filterFieldName","req","tenantsArrayFieldName","tenantsArrayTenantFieldName","tenantsCollectionSlug","userHasAccessToAllTenants","idType","collectionSlug","payload","selectedTenant","headers","in","user","userAssignedTenants","length"],"mappings":"AAIA,SAASA,QAAQ,QAAQ,iBAAgB;AACzC,SAASC,mBAAmB,QAAQ,sCAAqC;AACzE,SAASC,mBAAmB,QAAQ,sCAAqC;AACzE,SAASC,gBAAgB,QAAQ,mCAAkC;
|
|
1
|
+
{"version":3,"sources":["../../src/filters/filterDocumentsByTenants.ts"],"sourcesContent":["import type { PayloadRequest, TypedUser, Where } from 'payload'\n\nimport type { MultiTenantPluginConfig } from '../types.js'\n\nimport { defaults } from '../defaults.js'\nimport { getCollectionIDType } from '../utilities/getCollectionIDType.js'\nimport { getTenantFromCookie } from '../utilities/getTenantFromCookie.js'\nimport { getUserTenantIDs } from '../utilities/getUserTenantIDs.js'\n\ntype Args<ConfigType = unknown> = {\n /**\n * If the document this filter is run belongs to a tenant, the tenant ID should be passed here.\n * If set, this will be used instead of the tenant cookie\n * Can be an array when hasMany is true\n */\n docTenantID?: number | number[] | string | string[]\n filterFieldName: string\n req: PayloadRequest\n tenantsArrayFieldName?: string\n tenantsArrayTenantFieldName?: string\n tenantsCollectionSlug: string\n userHasAccessToAllTenants: Required<\n MultiTenantPluginConfig<ConfigType>\n >['userHasAccessToAllTenants']\n}\nexport const filterDocumentsByTenants = <ConfigType = unknown>({\n docTenantID,\n filterFieldName,\n req,\n tenantsArrayFieldName = defaults.tenantsArrayFieldName,\n tenantsArrayTenantFieldName = defaults.tenantsArrayTenantFieldName,\n tenantsCollectionSlug,\n userHasAccessToAllTenants,\n}: Args<ConfigType>): null | Where => {\n const idType = getCollectionIDType({\n collectionSlug: tenantsCollectionSlug,\n payload: req.payload,\n })\n\n // scope results to selected tenant\n const selectedTenant = docTenantID ?? getTenantFromCookie(req.headers, idType)\n if (selectedTenant) {\n return {\n [filterFieldName]: {\n in: Array.isArray(selectedTenant) ? selectedTenant : [selectedTenant],\n },\n }\n }\n\n if (\n req.user &&\n userHasAccessToAllTenants(\n req?.user as ConfigType extends { user: unknown } ? ConfigType['user'] : TypedUser,\n )\n ) {\n return null\n }\n\n // scope to user assigned tenants\n const userAssignedTenants = getUserTenantIDs(req.user, {\n tenantsArrayFieldName,\n tenantsArrayTenantFieldName,\n })\n if (userAssignedTenants.length > 0) {\n return {\n [filterFieldName]: {\n in: userAssignedTenants,\n },\n }\n }\n\n // no tenant selected and no user tenants, return null to allow access control to handle it\n return null\n}\n"],"names":["defaults","getCollectionIDType","getTenantFromCookie","getUserTenantIDs","filterDocumentsByTenants","docTenantID","filterFieldName","req","tenantsArrayFieldName","tenantsArrayTenantFieldName","tenantsCollectionSlug","userHasAccessToAllTenants","idType","collectionSlug","payload","selectedTenant","headers","in","Array","isArray","user","userAssignedTenants","length"],"mappings":"AAIA,SAASA,QAAQ,QAAQ,iBAAgB;AACzC,SAASC,mBAAmB,QAAQ,sCAAqC;AACzE,SAASC,mBAAmB,QAAQ,sCAAqC;AACzE,SAASC,gBAAgB,QAAQ,mCAAkC;AAkBnE,OAAO,MAAMC,2BAA2B,CAAuB,EAC7DC,WAAW,EACXC,eAAe,EACfC,GAAG,EACHC,wBAAwBR,SAASQ,qBAAqB,EACtDC,8BAA8BT,SAASS,2BAA2B,EAClEC,qBAAqB,EACrBC,yBAAyB,EACR;IACjB,MAAMC,SAASX,oBAAoB;QACjCY,gBAAgBH;QAChBI,SAASP,IAAIO,OAAO;IACtB;IAEA,mCAAmC;IACnC,MAAMC,iBAAiBV,eAAeH,oBAAoBK,IAAIS,OAAO,EAAEJ;IACvE,IAAIG,gBAAgB;QAClB,OAAO;YACL,CAACT,gBAAgB,EAAE;gBACjBW,IAAIC,MAAMC,OAAO,CAACJ,kBAAkBA,iBAAiB;oBAACA;iBAAe;YACvE;QACF;IACF;IAEA,IACER,IAAIa,IAAI,IACRT,0BACEJ,KAAKa,OAEP;QACA,OAAO;IACT;IAEA,iCAAiC;IACjC,MAAMC,sBAAsBlB,iBAAiBI,IAAIa,IAAI,EAAE;QACrDZ;QACAC;IACF;IACA,IAAIY,oBAAoBC,MAAM,GAAG,GAAG;QAClC,OAAO;YACL,CAAChB,gBAAgB,EAAE;gBACjBW,IAAII;YACN;QACF;IACF;IAEA,2FAA2F;IAC3F,OAAO;AACT,EAAC"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import type { Where } from 'payload';
|
|
2
1
|
import type { UserWithTenantsField } from '../types.js';
|
|
3
2
|
type Args = {
|
|
4
3
|
fieldName: string;
|
|
@@ -6,6 +5,10 @@ type Args = {
|
|
|
6
5
|
tenantsArrayTenantFieldName?: string;
|
|
7
6
|
user: UserWithTenantsField;
|
|
8
7
|
};
|
|
9
|
-
export declare function getTenantAccess({ fieldName, tenantsArrayFieldName, tenantsArrayTenantFieldName, user, }: Args):
|
|
8
|
+
export declare function getTenantAccess({ fieldName, tenantsArrayFieldName, tenantsArrayTenantFieldName, user, }: Args): {
|
|
9
|
+
[fieldName: string]: {
|
|
10
|
+
in: (number | string)[];
|
|
11
|
+
};
|
|
12
|
+
};
|
|
10
13
|
export {};
|
|
11
14
|
//# sourceMappingURL=getTenantAccess.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getTenantAccess.d.ts","sourceRoot":"","sources":["../../src/utilities/getTenantAccess.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"getTenantAccess.d.ts","sourceRoot":"","sources":["../../src/utilities/getTenantAccess.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AAKvD,KAAK,IAAI,GAAG;IACV,SAAS,EAAE,MAAM,CAAA;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,2BAA2B,CAAC,EAAE,MAAM,CAAA;IACpC,IAAI,EAAE,oBAAoB,CAAA;CAC3B,CAAA;AACD,wBAAgB,eAAe,CAAC,EAC9B,SAAS,EACT,qBAAsD,EACtD,2BAAkE,EAClE,IAAI,GACL,EAAE,IAAI,GAAG;IACR,CAAC,SAAS,EAAE,MAAM,GAAG;QACnB,EAAE,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAA;KACxB,CAAA;CACF,CAWA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/utilities/getTenantAccess.ts"],"sourcesContent":["import type {
|
|
1
|
+
{"version":3,"sources":["../../src/utilities/getTenantAccess.ts"],"sourcesContent":["import type { UserWithTenantsField } from '../types.js'\n\nimport { defaults } from '../defaults.js'\nimport { getUserTenantIDs } from './getUserTenantIDs.js'\n\ntype Args = {\n fieldName: string\n tenantsArrayFieldName?: string\n tenantsArrayTenantFieldName?: string\n user: UserWithTenantsField\n}\nexport function getTenantAccess({\n fieldName,\n tenantsArrayFieldName = defaults.tenantsArrayFieldName,\n tenantsArrayTenantFieldName = defaults.tenantsArrayTenantFieldName,\n user,\n}: Args): {\n [fieldName: string]: {\n in: (number | string)[]\n }\n} {\n const userAssignedTenantIDs = getUserTenantIDs(user, {\n tenantsArrayFieldName,\n tenantsArrayTenantFieldName,\n })\n\n return {\n [fieldName]: {\n in: userAssignedTenantIDs || [],\n },\n }\n}\n"],"names":["defaults","getUserTenantIDs","getTenantAccess","fieldName","tenantsArrayFieldName","tenantsArrayTenantFieldName","user","userAssignedTenantIDs","in"],"mappings":"AAEA,SAASA,QAAQ,QAAQ,iBAAgB;AACzC,SAASC,gBAAgB,QAAQ,wBAAuB;AAQxD,OAAO,SAASC,gBAAgB,EAC9BC,SAAS,EACTC,wBAAwBJ,SAASI,qBAAqB,EACtDC,8BAA8BL,SAASK,2BAA2B,EAClEC,IAAI,EACC;IAKL,MAAMC,wBAAwBN,iBAAiBK,MAAM;QACnDF;QACAC;IACF;IAEA,OAAO;QACL,CAACF,UAAU,EAAE;YACXK,IAAID,yBAAyB,EAAE;QACjC;IACF;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"withTenantAccess.d.ts","sourceRoot":"","sources":["../../src/utilities/withTenantAccess.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAgB,EAAoB,MAAM,SAAS,CAAA;AAEnG,OAAO,KAAK,EAAE,aAAa,EAAE,uBAAuB,EAAwB,MAAM,aAAa,CAAA;AAK/F,KAAK,IAAI,CAAC,UAAU,IAAI;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,SAAS,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;IAChC,oBAAoB,CAAC,EAAE,uBAAuB,CAAC,UAAU,CAAC,CAAC,2BAA2B,CAAC,CAAA;IACvF,cAAc,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,SAAS,EAAE,MAAM,CAAA;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,2BAA2B,CAAC,EAAE,MAAM,CAAA;IACpC,yBAAyB,EAAE,QAAQ,CACjC,uBAAuB,CAAC,UAAU,CAAC,CACpC,CAAC,2BAA2B,CAAC,CAAA;CAC/B,CAAA;AACD,eAAO,MAAM,gBAAgB,GAC1B,UAAU,8KAUR,IAAI,CAAC,UAAU,CAAC,YACN,UAAU,KAAG,OAAO,CAAC,YAAY,
|
|
1
|
+
{"version":3,"file":"withTenantAccess.d.ts","sourceRoot":"","sources":["../../src/utilities/withTenantAccess.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAgB,EAAoB,MAAM,SAAS,CAAA;AAEnG,OAAO,KAAK,EAAE,aAAa,EAAE,uBAAuB,EAAwB,MAAM,aAAa,CAAA;AAK/F,KAAK,IAAI,CAAC,UAAU,IAAI;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,SAAS,EAAE,aAAa,CAAC,MAAM,CAAC,CAAA;IAChC,oBAAoB,CAAC,EAAE,uBAAuB,CAAC,UAAU,CAAC,CAAC,2BAA2B,CAAC,CAAA;IACvF,cAAc,EAAE,MAAM,CAAA;IACtB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,SAAS,EAAE,MAAM,CAAA;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,2BAA2B,CAAC,EAAE,MAAM,CAAA;IACpC,yBAAyB,EAAE,QAAQ,CACjC,uBAAuB,CAAC,UAAU,CAAC,CACpC,CAAC,2BAA2B,CAAC,CAAA;CAC/B,CAAA;AACD,eAAO,MAAM,gBAAgB,GAC1B,UAAU,8KAUR,IAAI,CAAC,UAAU,CAAC,YACN,UAAU,KAAG,OAAO,CAAC,YAAY,CAoF7C,CAAA"}
|
|
@@ -24,6 +24,20 @@ export const withTenantAccess = ({ accessFunction, accessKey, accessResultCallba
|
|
|
24
24
|
tenantsArrayTenantFieldName,
|
|
25
25
|
user: args.req.user
|
|
26
26
|
});
|
|
27
|
+
// User with no tenants should have no access to tenant-scoped documents
|
|
28
|
+
// except for their own user document
|
|
29
|
+
if (tenantConstraint[fieldName]?.in.length === 0) {
|
|
30
|
+
const result = collection.slug === args.req.user.collection ? {
|
|
31
|
+
id: {
|
|
32
|
+
equals: args.req.user.id
|
|
33
|
+
}
|
|
34
|
+
} : false;
|
|
35
|
+
return accessResultCallback ? accessResultCallback({
|
|
36
|
+
accessKey,
|
|
37
|
+
accessResult: result,
|
|
38
|
+
...args
|
|
39
|
+
}) : result;
|
|
40
|
+
}
|
|
27
41
|
if (collection.slug === args.req.user.collection) {
|
|
28
42
|
constraints.push({
|
|
29
43
|
or: [
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/utilities/withTenantAccess.ts"],"sourcesContent":["import type { Access, AccessArgs, AccessResult, CollectionConfig, TypedUser, Where } from 'payload'\n\nimport type { AllAccessKeys, MultiTenantPluginConfig, UserWithTenantsField } from '../types.js'\n\nimport { combineWhereConstraints } from './combineWhereConstraints.js'\nimport { getTenantAccess } from './getTenantAccess.js'\n\ntype Args<ConfigType> = {\n accessFunction?: Access\n accessKey: AllAccessKeys[number]\n accessResultCallback?: MultiTenantPluginConfig<ConfigType>['usersAccessResultOverride']\n adminUsersSlug: string\n collection: CollectionConfig\n fieldName: string\n tenantsArrayFieldName?: string\n tenantsArrayTenantFieldName?: string\n userHasAccessToAllTenants: Required<\n MultiTenantPluginConfig<ConfigType>\n >['userHasAccessToAllTenants']\n}\nexport const withTenantAccess =\n <ConfigType>({\n accessFunction,\n accessKey,\n accessResultCallback,\n adminUsersSlug,\n collection,\n fieldName,\n tenantsArrayFieldName,\n tenantsArrayTenantFieldName,\n userHasAccessToAllTenants,\n }: Args<ConfigType>) =>\n async (args: AccessArgs): Promise<AccessResult> => {\n const constraints: Where[] = []\n const accessFn =\n typeof accessFunction === 'function'\n ? accessFunction\n : ({ req }: AccessArgs): AccessResult => Boolean(req.user)\n const accessResult: AccessResult = await accessFn(args)\n\n if (accessResult === false) {\n if (accessResultCallback) {\n return accessResultCallback({\n accessKey,\n accessResult: false,\n ...args,\n })\n } else {\n return false\n }\n } else if (accessResult && typeof accessResult === 'object') {\n constraints.push(accessResult)\n }\n\n if (\n args.req.user &&\n args.req.user.collection === adminUsersSlug &&\n !userHasAccessToAllTenants(\n args.req.user as ConfigType extends { user: unknown } ? ConfigType['user'] : TypedUser,\n )\n ) {\n const tenantConstraint = getTenantAccess({\n fieldName,\n tenantsArrayFieldName,\n tenantsArrayTenantFieldName,\n user: args.req.user as UserWithTenantsField,\n })\n if (collection.slug === args.req.user.collection) {\n constraints.push({\n or: [\n {\n id: {\n equals: args.req.user.id,\n },\n },\n tenantConstraint,\n ],\n })\n } else {\n constraints.push(tenantConstraint)\n }\n\n if (accessResultCallback) {\n return accessResultCallback({\n accessKey,\n accessResult: combineWhereConstraints(constraints),\n ...args,\n })\n } else {\n return combineWhereConstraints(constraints)\n }\n }\n\n if (accessResultCallback) {\n return accessResultCallback({\n accessKey,\n accessResult,\n ...args,\n })\n } else {\n return accessResult\n }\n }\n"],"names":["combineWhereConstraints","getTenantAccess","withTenantAccess","accessFunction","accessKey","accessResultCallback","adminUsersSlug","collection","fieldName","tenantsArrayFieldName","tenantsArrayTenantFieldName","userHasAccessToAllTenants","args","constraints","accessFn","req","Boolean","user","accessResult","push","tenantConstraint","
|
|
1
|
+
{"version":3,"sources":["../../src/utilities/withTenantAccess.ts"],"sourcesContent":["import type { Access, AccessArgs, AccessResult, CollectionConfig, TypedUser, Where } from 'payload'\n\nimport type { AllAccessKeys, MultiTenantPluginConfig, UserWithTenantsField } from '../types.js'\n\nimport { combineWhereConstraints } from './combineWhereConstraints.js'\nimport { getTenantAccess } from './getTenantAccess.js'\n\ntype Args<ConfigType> = {\n accessFunction?: Access\n accessKey: AllAccessKeys[number]\n accessResultCallback?: MultiTenantPluginConfig<ConfigType>['usersAccessResultOverride']\n adminUsersSlug: string\n collection: CollectionConfig\n fieldName: string\n tenantsArrayFieldName?: string\n tenantsArrayTenantFieldName?: string\n userHasAccessToAllTenants: Required<\n MultiTenantPluginConfig<ConfigType>\n >['userHasAccessToAllTenants']\n}\nexport const withTenantAccess =\n <ConfigType>({\n accessFunction,\n accessKey,\n accessResultCallback,\n adminUsersSlug,\n collection,\n fieldName,\n tenantsArrayFieldName,\n tenantsArrayTenantFieldName,\n userHasAccessToAllTenants,\n }: Args<ConfigType>) =>\n async (args: AccessArgs): Promise<AccessResult> => {\n const constraints: Where[] = []\n const accessFn =\n typeof accessFunction === 'function'\n ? accessFunction\n : ({ req }: AccessArgs): AccessResult => Boolean(req.user)\n const accessResult: AccessResult = await accessFn(args)\n\n if (accessResult === false) {\n if (accessResultCallback) {\n return accessResultCallback({\n accessKey,\n accessResult: false,\n ...args,\n })\n } else {\n return false\n }\n } else if (accessResult && typeof accessResult === 'object') {\n constraints.push(accessResult)\n }\n\n if (\n args.req.user &&\n args.req.user.collection === adminUsersSlug &&\n !userHasAccessToAllTenants(\n args.req.user as ConfigType extends { user: unknown } ? ConfigType['user'] : TypedUser,\n )\n ) {\n const tenantConstraint = getTenantAccess({\n fieldName,\n tenantsArrayFieldName,\n tenantsArrayTenantFieldName,\n user: args.req.user as UserWithTenantsField,\n })\n\n // User with no tenants should have no access to tenant-scoped documents\n // except for their own user document\n if (tenantConstraint[fieldName]?.in.length === 0) {\n const result: AccessResult =\n collection.slug === args.req.user.collection\n ? { id: { equals: args.req.user.id } }\n : false\n\n return accessResultCallback\n ? accessResultCallback({ accessKey, accessResult: result, ...args })\n : result\n }\n\n if (collection.slug === args.req.user.collection) {\n constraints.push({\n or: [\n {\n id: {\n equals: args.req.user.id,\n },\n },\n tenantConstraint,\n ],\n })\n } else {\n constraints.push(tenantConstraint)\n }\n\n if (accessResultCallback) {\n return accessResultCallback({\n accessKey,\n accessResult: combineWhereConstraints(constraints),\n ...args,\n })\n } else {\n return combineWhereConstraints(constraints)\n }\n }\n\n if (accessResultCallback) {\n return accessResultCallback({\n accessKey,\n accessResult,\n ...args,\n })\n } else {\n return accessResult\n }\n }\n"],"names":["combineWhereConstraints","getTenantAccess","withTenantAccess","accessFunction","accessKey","accessResultCallback","adminUsersSlug","collection","fieldName","tenantsArrayFieldName","tenantsArrayTenantFieldName","userHasAccessToAllTenants","args","constraints","accessFn","req","Boolean","user","accessResult","push","tenantConstraint","in","length","result","slug","id","equals","or"],"mappings":"AAIA,SAASA,uBAAuB,QAAQ,+BAA8B;AACtE,SAASC,eAAe,QAAQ,uBAAsB;AAetD,OAAO,MAAMC,mBACX,CAAa,EACXC,cAAc,EACdC,SAAS,EACTC,oBAAoB,EACpBC,cAAc,EACdC,UAAU,EACVC,SAAS,EACTC,qBAAqB,EACrBC,2BAA2B,EAC3BC,yBAAyB,EACR,GACnB,OAAOC;QACL,MAAMC,cAAuB,EAAE;QAC/B,MAAMC,WACJ,OAAOX,mBAAmB,aACtBA,iBACA,CAAC,EAAEY,GAAG,EAAc,GAAmBC,QAAQD,IAAIE,IAAI;QAC7D,MAAMC,eAA6B,MAAMJ,SAASF;QAElD,IAAIM,iBAAiB,OAAO;YAC1B,IAAIb,sBAAsB;gBACxB,OAAOA,qBAAqB;oBAC1BD;oBACAc,cAAc;oBACd,GAAGN,IAAI;gBACT;YACF,OAAO;gBACL,OAAO;YACT;QACF,OAAO,IAAIM,gBAAgB,OAAOA,iBAAiB,UAAU;YAC3DL,YAAYM,IAAI,CAACD;QACnB;QAEA,IACEN,KAAKG,GAAG,CAACE,IAAI,IACbL,KAAKG,GAAG,CAACE,IAAI,CAACV,UAAU,KAAKD,kBAC7B,CAACK,0BACCC,KAAKG,GAAG,CAACE,IAAI,GAEf;YACA,MAAMG,mBAAmBnB,gBAAgB;gBACvCO;gBACAC;gBACAC;gBACAO,MAAML,KAAKG,GAAG,CAACE,IAAI;YACrB;YAEA,wEAAwE;YACxE,qCAAqC;YACrC,IAAIG,gBAAgB,CAACZ,UAAU,EAAEa,GAAGC,WAAW,GAAG;gBAChD,MAAMC,SACJhB,WAAWiB,IAAI,KAAKZ,KAAKG,GAAG,CAACE,IAAI,CAACV,UAAU,GACxC;oBAAEkB,IAAI;wBAAEC,QAAQd,KAAKG,GAAG,CAACE,IAAI,CAACQ,EAAE;oBAAC;gBAAE,IACnC;gBAEN,OAAOpB,uBACHA,qBAAqB;oBAAED;oBAAWc,cAAcK;oBAAQ,GAAGX,IAAI;gBAAC,KAChEW;YACN;YAEA,IAAIhB,WAAWiB,IAAI,KAAKZ,KAAKG,GAAG,CAACE,IAAI,CAACV,UAAU,EAAE;gBAChDM,YAAYM,IAAI,CAAC;oBACfQ,IAAI;wBACF;4BACEF,IAAI;gCACFC,QAAQd,KAAKG,GAAG,CAACE,IAAI,CAACQ,EAAE;4BAC1B;wBACF;wBACAL;qBACD;gBACH;YACF,OAAO;gBACLP,YAAYM,IAAI,CAACC;YACnB;YAEA,IAAIf,sBAAsB;gBACxB,OAAOA,qBAAqB;oBAC1BD;oBACAc,cAAclB,wBAAwBa;oBACtC,GAAGD,IAAI;gBACT;YACF,OAAO;gBACL,OAAOZ,wBAAwBa;YACjC;QACF;QAEA,IAAIR,sBAAsB;YACxB,OAAOA,qBAAqB;gBAC1BD;gBACAc;gBACA,GAAGN,IAAI;YACT;QACF,OAAO;YACL,OAAOM;QACT;IACF,EAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@payloadcms/plugin-multi-tenant",
|
|
3
|
-
"version": "3.78.0-internal
|
|
3
|
+
"version": "3.78.0-internal.5219978",
|
|
4
4
|
"description": "Multi Tenant plugin for Payload",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"payload",
|
|
@@ -81,13 +81,13 @@
|
|
|
81
81
|
],
|
|
82
82
|
"devDependencies": {
|
|
83
83
|
"@payloadcms/eslint-config": "3.28.0",
|
|
84
|
-
"@payloadcms/
|
|
85
|
-
"@payloadcms/
|
|
86
|
-
"payload": "3.78.0-internal
|
|
84
|
+
"@payloadcms/ui": "3.78.0-internal.5219978",
|
|
85
|
+
"@payloadcms/translations": "3.78.0-internal.5219978",
|
|
86
|
+
"payload": "3.78.0-internal.5219978"
|
|
87
87
|
},
|
|
88
88
|
"peerDependencies": {
|
|
89
|
-
"@payloadcms/ui": "3.78.0-internal
|
|
90
|
-
"payload": "3.78.0-internal
|
|
89
|
+
"@payloadcms/ui": "3.78.0-internal.5219978",
|
|
90
|
+
"payload": "3.78.0-internal.5219978"
|
|
91
91
|
},
|
|
92
92
|
"homepage:": "https://payloadcms.com",
|
|
93
93
|
"scripts": {
|