@zealamic/payload-auth-rbac-plugin 1.0.0 → 1.0.1

package/src/collections/roles/index.ts

@@ -0,0 +1,178 @@
+import type { CollectionConfig, Condition } from "payload";
+import { DATA_SCOPE, STATUS } from "../../lib/constants/role.js";
+import {
+  getArrayOfMergedFieldAffectingData,
+  getSuperAdminAccess,
+  toLocaleRecord,
+  toSelectPlaceholder,
+} from "../../lib/utils/index.js";
+import { syncPermissionMatrixDraftAfterChange } from "./hooks/sync-permission-matrix-draft.js";
+import type { RolesCollectionParams } from "./types.js";
+
+export const getRolesCollection = (params: RolesCollectionParams) => {
+  const {
+    translations = {},
+    access = {},
+    fields = [],
+    labels = {},
+    admin = {},
+  } = params || {};
+  const arrTranslationsKeys = Object.keys(translations);
+  const roles: CollectionConfig = {
+    slug: "roles",
+    labels: {
+      singular: toLocaleRecord(
+        arrTranslationsKeys,
+        (locale) => translations[locale]?.labels?.singular,
+      ),
+      plural: toLocaleRecord(
+        arrTranslationsKeys,
+        (locale) => translations[locale]?.labels?.plural,
+      ),
+      ...labels,
+    },
+    admin: {
+      group: toLocaleRecord(
+        arrTranslationsKeys,
+        (locale) => translations[locale]?.admin?.group,
+      ),
+      useAsTitle: "name",
+      defaultColumns: ["code", "name", "description", "status", "updatedAt"],
+      ...admin,
+    },
+    access: {
+      create: getSuperAdminAccess,
+      update: getSuperAdminAccess,
+      delete: getSuperAdminAccess,
+      read: getSuperAdminAccess,
+      readVersions: getSuperAdminAccess,
+      unlock: getSuperAdminAccess,
+      admin: ({ req }) => {
+        return getSuperAdminAccess({ req });
+      },
+      ...access,
+    },
+    hooks: {
+      afterChange: [syncPermissionMatrixDraftAfterChange],
+    },
+    fields: getArrayOfMergedFieldAffectingData({
+      fields,
+      defaultFields: [
+        {
+          name: "code",
+          type: "text",
+          required: true,
+          unique: true,
+          index: true,
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.code?.label,
+          ),
+          admin: {
+            placeholder: toLocaleRecord(
+              arrTranslationsKeys,
+              (locale) => translations[locale]?.fields?.code?.placeholder,
+            ),
+          },
+        },
+        {
+          name: "name",
+          type: "text",
+          required: true,
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.name?.label,
+          ),
+          admin: {
+            placeholder: toLocaleRecord(
+              arrTranslationsKeys,
+              (locale) => translations[locale]?.fields?.name?.placeholder,
+            ),
+          },
+        },
+        {
+          name: "description",
+          type: "text",
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.description?.label,
+          ),
+          admin: {
+            placeholder: toLocaleRecord(
+              arrTranslationsKeys,
+              (locale) =>
+                translations[locale]?.fields?.description?.placeholder,
+            ),
+          },
+        },
+        {
+          name: "status",
+          type: "select",
+          required: true,
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.status?.label,
+          ),
+          defaultValue: STATUS.ACTIVE,
+          options: Object.values(STATUS).map((status) => ({
+            label: toLocaleRecord(
+              arrTranslationsKeys,
+              (locale) =>
+                translations[locale]?.fields?.status?.[`${status}Label`],
+            ),
+            value: status,
+          })),
+          admin: {
+            placeholder: toSelectPlaceholder(
+              arrTranslationsKeys,
+              (locale) => translations[locale]?.fields?.status?.placeholder,
+            ),
+          },
+        },
+        {
+          name: "dataScope",
+          type: "select",
+          required: true,
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.dataScope?.label,
+          ),
+          defaultValue: DATA_SCOPE.OWN,
+          options: Object.values(DATA_SCOPE).map((dataScope) => ({
+            label: toLocaleRecord(
+              arrTranslationsKeys,
+              (locale) =>
+                translations[locale]?.fields?.dataScope?.[`${dataScope}Label`],
+            ),
+            value: dataScope,
+          })),
+          admin: {
+            placeholder: toSelectPlaceholder(
+              arrTranslationsKeys,
+              (locale) => translations[locale]?.fields?.dataScope?.placeholder,
+            ),
+          },
+        },
+        {
+          name: "permissionMatrixDraft",
+          type: "json",
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.permissionMatrix?.label,
+          ),
+          admin: {
+            components: {
+              Field:
+                "payload-auth-rbac-plugin/client#RolePermissionMatrixClient",
+            },
+            condition: ((_, __, { operation }) =>
+              operation === "update") satisfies Condition,
+          },
+        },
+      ],
+    }),
+    timestamps: true,
+  };
+
+  return roles;
+};

package/src/collections/roles/types.ts

@@ -0,0 +1,56 @@
+import type { CollectionConfig, Field } from "payload"
+import type { DATA_SCOPE, STATUS } from "../../lib/constants/role.js"
+
+export type DataScope = (typeof DATA_SCOPE)[keyof typeof DATA_SCOPE]
+export type RoleStatus = (typeof STATUS)[keyof typeof STATUS]
+
+export type RolesCollectionTranslations = {
+  [locale: string]: {
+    labels?: {
+      singular?: string
+      plural?: string
+    }
+    admin?: {
+      group?: string
+    }
+    fields?: {
+      code?: {
+        label?: string
+        placeholder?: string
+      }
+      name?: {
+        label?: string
+        placeholder?: string
+      }
+      description?: {
+        label?: string
+        placeholder?: string
+      }
+      status?: {
+        label?: string
+        placeholder?: string
+        activeLabel?: string
+        inactiveLabel?: string
+      }
+      dataScope?: {
+        label?: string
+        placeholder?: string
+        allLabel?: string
+        ownLabel?: string
+        hierarchyLabel?: string
+      }
+      permissionMatrix?: {
+        label?: string
+        placeholder?: string
+      }
+    }
+  }
+}
+
+export type RolesCollectionParams = {
+  translations?: RolesCollectionTranslations
+  fields?: Field[]
+  access?: CollectionConfig["access"]
+  labels?: CollectionConfig["labels"]
+  admin?: CollectionConfig["admin"]
+}

package/src/collections/roles-permissions/default-data.ts

@@ -0,0 +1,28 @@
+import type { RolesPermissionsCollectionTranslations } from "./types.js";
+
+export const rolesPermissionsDefaultTranslations: RolesPermissionsCollectionTranslations =
+  {
+    en: {
+      labels: {
+        singular: "Role Permission",
+        plural: "Role Permissions",
+      },
+      admin: {
+        group: "System",
+      },
+      fields: {
+        role: {
+          label: "Role",
+          placeholder: "Select role",
+        },
+        permission: {
+          label: "Permission",
+          placeholder: "Select permission",
+        },
+        enabled: {
+          label: "Enabled",
+          placeholder: "Check enabled",
+        },
+      },
+    },
+  };

package/src/collections/roles-permissions/index.ts

@@ -0,0 +1,107 @@
+import type { CollectionConfig } from "payload";
+import {
+  getArrayOfMergedFieldAffectingData,
+  getSuperAdminAccess,
+  toLocaleRecord,
+  toSelectPlaceholder,
+} from "../../lib/utils/index.js";
+import type { RolesPermissionsCollectionParams } from "./types.js";
+
+export const getRolesPermissionsCollection = (
+  params: RolesPermissionsCollectionParams,
+) => {
+  const {
+    translations = {},
+    access = {},
+    fields = [],
+    labels = {},
+    admin = {},
+  } = params || {};
+  const arrTranslationsKeys = Object.keys(translations);
+  const rolesPermissions: CollectionConfig = {
+    slug: "roles-permissions",
+    labels: {
+      singular: toLocaleRecord(
+        arrTranslationsKeys,
+        (locale) => translations[locale]?.labels?.singular,
+      ),
+      plural: toLocaleRecord(
+        arrTranslationsKeys,
+        (locale) => translations[locale]?.labels?.plural,
+      ),
+      ...labels,
+    },
+    admin: {
+      group: toLocaleRecord(
+        arrTranslationsKeys,
+        (locale) => translations[locale]?.admin?.group,
+      ),
+      useAsTitle: "role",
+      defaultColumns: ["role", "permission", "enabled", "updatedAt"],
+      hidden: true,
+      ...admin,
+    },
+    access: {
+      create: getSuperAdminAccess,
+      update: getSuperAdminAccess,
+      delete: getSuperAdminAccess,
+      read: getSuperAdminAccess,
+      readVersions: getSuperAdminAccess,
+      unlock: getSuperAdminAccess,
+      admin: ({ req }) => {
+        return getSuperAdminAccess({ req });
+      },
+      ...access,
+    },
+    fields: getArrayOfMergedFieldAffectingData({
+      fields,
+      defaultFields: [
+        {
+          name: "role",
+          type: "relationship",
+          required: true,
+          relationTo: "roles",
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.role?.label,
+          ),
+          admin: {
+            placeholder: toSelectPlaceholder(
+              arrTranslationsKeys,
+              (locale) => translations[locale]?.fields?.role?.placeholder,
+            ),
+          },
+        },
+        {
+          name: "permission",
+          type: "relationship",
+          relationTo: "permissions",
+          required: true,
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.permission?.label,
+          ),
+          admin: {
+            placeholder: toSelectPlaceholder(
+              arrTranslationsKeys,
+              (locale) => translations[locale]?.fields?.permission?.placeholder,
+            ),
+          },
+        },
+        {
+          name: "enabled",
+          type: "checkbox",
+          required: false,
+          defaultValue: true,
+          label: toLocaleRecord(
+            arrTranslationsKeys,
+            (locale) => translations[locale]?.fields?.enabled?.label,
+          ),
+        },
+      ],
+    }),
+    timestamps: true,
+  };
+
+  return rolesPermissions;
+};

package/src/collections/roles-permissions/types.ts

@@ -0,0 +1,42 @@
+import type { CollectionConfig, Field } from "payload";
+
+export type RolesPermissionsCollectionTranslations = {
+  [locale: string]: {
+    labels?: {
+      singular?: string;
+      plural?: string;
+    };
+    admin?: {
+      group?: string;
+    };
+    fields?: {
+      role?: {
+        label?: string;
+        placeholder?: string;
+      };
+      permission?: {
+        label?: string;
+        placeholder?: string;
+      };
+      enabled?: {
+        label?: string;
+        placeholder?: string;
+      };
+    };
+  };
+};
+
+export type RolesPermissionsCollectionParams = {
+  translations?: RolesPermissionsCollectionTranslations;
+  fields?: Field[];
+  access?: CollectionConfig["access"];
+  labels?: CollectionConfig["labels"];
+  admin?: CollectionConfig["admin"];
+};
+
+export type RolePermission = {
+  id: string | number;
+  role?: string | number;
+  permission?: string | number;
+  enabled?: boolean;
+};

package/src/collections/users/default-data.ts

@@ -0,0 +1,19 @@
+import { UsersModificationTranslations } from "./types.js";
+
+export const usersDefaultTranslations: UsersModificationTranslations = {
+  en: {
+    fields: {
+      isSuperAdmin: {
+        label: "Super Admin",
+      },
+      roles: {
+        label: "Roles",
+        placeholder: "Select roles",
+      },
+      parent: {
+        label: "Parent",
+        placeholder: "Select parent",
+      },
+    },
+  },
+};

package/src/collections/users/index.ts

@@ -0,0 +1,148 @@
+import type { Config, Field, PayloadRequest } from "payload";
+import {
+  getArrayOfMergedFieldAffectingData,
+  getPermissionAccess,
+  toLocaleRecord,
+} from "../../lib/utils/index.js";
+import { mergeUserCollectionHooks } from "./parent-path.js";
+import type {
+  UsersModificationParams,
+  UsersModificationTranslations,
+} from "./types.js";
+
+const buildDefaultFields = (
+  translations: UsersModificationTranslations,
+): Field[] => {
+  const locales = Object.keys(translations);
+  return [
+    {
+      name: "isSuperAdmin",
+      type: "checkbox",
+      defaultValue: false,
+      label: toLocaleRecord(
+        locales,
+        (locale) => translations[locale]?.fields?.isSuperAdmin?.label,
+      ),
+      admin: {
+        readOnly: true,
+      },
+    },
+    {
+      name: "roles",
+      type: "relationship",
+      relationTo: "roles",
+      hasMany: true,
+      label: toLocaleRecord(
+        locales,
+        (locale) => translations[locale]?.fields?.roles?.label,
+      ),
+    },
+    {
+      name: "parent",
+      type: "relationship",
+      relationTo: "users",
+      label: toLocaleRecord(
+        locales,
+        (locale) => translations[locale]?.fields?.parent?.label,
+      ),
+      filterOptions: ({ id }) => (id ? { id: { not_equals: id } } : true),
+    },
+    {
+      name: "parentPath",
+      type: "text",
+      index: true,
+      admin: {
+        hidden: true,
+        readOnly: true,
+      },
+    },
+  ];
+};
+
+export const modifyUsersCollection = (params: UsersModificationParams = {}) => {
+  const { translations = {}, fields: customFields = [] } = params;
+
+  return (incomingConfig: Config): Config => {
+    const config = { ...incomingConfig };
+    const userSlug = config.admin?.user || "users";
+
+    const customAdmin = {
+      defaultColumns: ["email", "roles", "isSuperAdmin", "updatedAt"],
+      useAsTitle: "email",
+      ...config.admin,
+    };
+
+    const pluginFields = getArrayOfMergedFieldAffectingData({
+      defaultFields: buildDefaultFields(translations),
+      fields: customFields,
+    });
+
+    const existing = (config.collections || []).find(
+      (c) => c.slug === userSlug,
+    );
+    const dataScopeOptions = {
+      createdByField: "id",
+      usersCollectionSlug: userSlug,
+    } as const;
+
+    const defaultAccess = {
+      create: getPermissionAccess({
+        featureCode: userSlug,
+        actionCode: "create",
+      }),
+      update: getPermissionAccess({
+        featureCode: userSlug,
+        actionCode: "update",
+        mode: "modify",
+        collectionSlug: userSlug,
+        options: dataScopeOptions,
+      }),
+      delete: getPermissionAccess({
+        featureCode: userSlug,
+        actionCode: "delete",
+        mode: "modify",
+        collectionSlug: userSlug,
+        options: dataScopeOptions,
+      }),
+      read: getPermissionAccess({
+        featureCode: userSlug,
+        actionCode: "read",
+        options: dataScopeOptions,
+      }),
+    };
+
+    if (existing) {
+      config.collections = (config.collections || []).map((collection) => {
+        if (collection.slug !== userSlug) {
+          return collection;
+        }
+        return {
+          ...collection,
+          fields: [...collection.fields, ...pluginFields],
+          access: {
+            ...defaultAccess,
+            ...collection.access,
+          },
+          hooks: mergeUserCollectionHooks({
+            existingHooks: collection.hooks,
+            userSlug,
+          }),
+        };
+      });
+    } else {
+      config.collections = [
+        ...(config.collections || []),
+        {
+          slug: userSlug,
+          auth: true,
+          admin: customAdmin,
+          fields: pluginFields,
+          access: defaultAccess,
+          hooks: mergeUserCollectionHooks({ userSlug }),
+        },
+      ];
+    }
+
+    return config;
+  };
+};