@zealamic/payload-auth-rbac-plugin 1.0.1 → 1.0.2

package/src/collections/roles/default-data.ts

@@ -1,44 +0,0 @@
-import type { RolesCollectionTranslations } from "./types.js"
-
-export const rolesDefaultTranslations: RolesCollectionTranslations = {
-  en: {
-    labels: {
-      singular: "Role",
-      plural: "Roles",
-    },
-    admin: {
-      group: "System",
-    },
-    fields: {
-      code: {
-        label: "Code",
-        placeholder: "Enter code",
-      },
-      name: {
-        label: "Name",
-        placeholder: "Enter name",
-      },
-      description: {
-        label: "Description",
-        placeholder: "Enter description",
-      },
-      status: {
-        label: "Status",
-        placeholder: "Select status",
-        activeLabel: "Active",
-        inactiveLabel: "Inactive",
-      },
-      dataScope: {
-        label: "Data Scope",
-        placeholder: "Select data scope",
-        ownLabel: "Own",
-        allLabel: "All",
-        hierarchyLabel: "Hierarchy",
-      },
-      permissionMatrix: {
-        label: "Permission Matrix",
-        placeholder: "Select permission matrix",
-      },
-    },
-  },
-}

package/src/collections/roles/hooks/sync-permission-matrix-draft.ts

@@ -1,73 +0,0 @@
-import type { CollectionAfterChangeHook } from "payload";
-
-type PermissionMatrixDraft = Record<string, boolean>;
-
-const isPermissionMatrixDraft = (
-  value: unknown,
-): value is PermissionMatrixDraft => {
-  if (!value || typeof value !== "object" || Array.isArray(value)) {
-    return false;
-  }
-
-  return Object.values(value).every((entry) => typeof entry === "boolean");
-};
-
-/**
- * Persists `permissionMatrixDraft` on the role document into `roles-permissions` rows.
- * RBAC checks use `roles-permissions`, not the JSON draft field.
- */
-export const syncPermissionMatrixDraftAfterChange: CollectionAfterChangeHook =
-  async ({ doc, req }) => {
-    if (!doc.id || !isPermissionMatrixDraft(doc.permissionMatrixDraft)) {
-      return;
-    }
-
-    const roleID = doc.id;
-
-    for (const [permissionID, enabled] of Object.entries(
-      doc.permissionMatrixDraft,
-    )) {
-      if (!permissionID) {
-        continue;
-      }
-
-      const existing = await req.payload.find({
-        collection: "roles-permissions",
-        depth: 0,
-        limit: 1,
-        req,
-        where: {
-          and: [
-            { role: { equals: roleID } },
-            { permission: { equals: permissionID } },
-          ],
-        },
-      });
-
-      const row = existing.docs[0];
-
-      if (row?.id) {
-        if (row.enabled === enabled) {
-          continue;
-        }
-
-        await req.payload.update({
-          id: row.id,
-          collection: "roles-permissions",
-          data: { enabled },
-          req,
-        });
-        continue;
-      }
-
-      await req.payload.create({
-        collection: "roles-permissions",
-        data: {
-          role: roleID,
-          permission: permissionID,
-          enabled,
-        },
-        req,
-      });
-    }
-  };

package/src/collections/roles/index.ts

@@ -1,178 +0,0 @@
-import type { CollectionConfig, Condition } from "payload";
-import { DATA_SCOPE, STATUS } from "../../lib/constants/role.js";
-import {
-  getArrayOfMergedFieldAffectingData,
-  getSuperAdminAccess,
-  toLocaleRecord,
-  toSelectPlaceholder,
-} from "../../lib/utils/index.js";
-import { syncPermissionMatrixDraftAfterChange } from "./hooks/sync-permission-matrix-draft.js";
-import type { RolesCollectionParams } from "./types.js";
-
-export const getRolesCollection = (params: RolesCollectionParams) => {
-  const {
-    translations = {},
-    access = {},
-    fields = [],
-    labels = {},
-    admin = {},
-  } = params || {};
-  const arrTranslationsKeys = Object.keys(translations);
-  const roles: CollectionConfig = {
-    slug: "roles",
-    labels: {
-      singular: toLocaleRecord(
-        arrTranslationsKeys,
-        (locale) => translations[locale]?.labels?.singular,
-      ),
-      plural: toLocaleRecord(
-        arrTranslationsKeys,
-        (locale) => translations[locale]?.labels?.plural,
-      ),
-      ...labels,
-    },
-    admin: {
-      group: toLocaleRecord(
-        arrTranslationsKeys,
-        (locale) => translations[locale]?.admin?.group,
-      ),
-      useAsTitle: "name",
-      defaultColumns: ["code", "name", "description", "status", "updatedAt"],
-      ...admin,
-    },
-    access: {
-      create: getSuperAdminAccess,
-      update: getSuperAdminAccess,
-      delete: getSuperAdminAccess,
-      read: getSuperAdminAccess,
-      readVersions: getSuperAdminAccess,
-      unlock: getSuperAdminAccess,
-      admin: ({ req }) => {
-        return getSuperAdminAccess({ req });
-      },
-      ...access,
-    },
-    hooks: {
-      afterChange: [syncPermissionMatrixDraftAfterChange],
-    },
-    fields: getArrayOfMergedFieldAffectingData({
-      fields,
-      defaultFields: [
-        {
-          name: "code",
-          type: "text",
-          required: true,
-          unique: true,
-          index: true,
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.code?.label,
-          ),
-          admin: {
-            placeholder: toLocaleRecord(
-              arrTranslationsKeys,
-              (locale) => translations[locale]?.fields?.code?.placeholder,
-            ),
-          },
-        },
-        {
-          name: "name",
-          type: "text",
-          required: true,
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.name?.label,
-          ),
-          admin: {
-            placeholder: toLocaleRecord(
-              arrTranslationsKeys,
-              (locale) => translations[locale]?.fields?.name?.placeholder,
-            ),
-          },
-        },
-        {
-          name: "description",
-          type: "text",
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.description?.label,
-          ),
-          admin: {
-            placeholder: toLocaleRecord(
-              arrTranslationsKeys,
-              (locale) =>
-                translations[locale]?.fields?.description?.placeholder,
-            ),
-          },
-        },
-        {
-          name: "status",
-          type: "select",
-          required: true,
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.status?.label,
-          ),
-          defaultValue: STATUS.ACTIVE,
-          options: Object.values(STATUS).map((status) => ({
-            label: toLocaleRecord(
-              arrTranslationsKeys,
-              (locale) =>
-                translations[locale]?.fields?.status?.[`${status}Label`],
-            ),
-            value: status,
-          })),
-          admin: {
-            placeholder: toSelectPlaceholder(
-              arrTranslationsKeys,
-              (locale) => translations[locale]?.fields?.status?.placeholder,
-            ),
-          },
-        },
-        {
-          name: "dataScope",
-          type: "select",
-          required: true,
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.dataScope?.label,
-          ),
-          defaultValue: DATA_SCOPE.OWN,
-          options: Object.values(DATA_SCOPE).map((dataScope) => ({
-            label: toLocaleRecord(
-              arrTranslationsKeys,
-              (locale) =>
-                translations[locale]?.fields?.dataScope?.[`${dataScope}Label`],
-            ),
-            value: dataScope,
-          })),
-          admin: {
-            placeholder: toSelectPlaceholder(
-              arrTranslationsKeys,
-              (locale) => translations[locale]?.fields?.dataScope?.placeholder,
-            ),
-          },
-        },
-        {
-          name: "permissionMatrixDraft",
-          type: "json",
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.permissionMatrix?.label,
-          ),
-          admin: {
-            components: {
-              Field:
-                "payload-auth-rbac-plugin/client#RolePermissionMatrixClient",
-            },
-            condition: ((_, __, { operation }) =>
-              operation === "update") satisfies Condition,
-          },
-        },
-      ],
-    }),
-    timestamps: true,
-  };
-
-  return roles;
-};

package/src/collections/roles/types.ts

@@ -1,56 +0,0 @@
-import type { CollectionConfig, Field } from "payload"
-import type { DATA_SCOPE, STATUS } from "../../lib/constants/role.js"
-
-export type DataScope = (typeof DATA_SCOPE)[keyof typeof DATA_SCOPE]
-export type RoleStatus = (typeof STATUS)[keyof typeof STATUS]
-
-export type RolesCollectionTranslations = {
-  [locale: string]: {
-    labels?: {
-      singular?: string
-      plural?: string
-    }
-    admin?: {
-      group?: string
-    }
-    fields?: {
-      code?: {
-        label?: string
-        placeholder?: string
-      }
-      name?: {
-        label?: string
-        placeholder?: string
-      }
-      description?: {
-        label?: string
-        placeholder?: string
-      }
-      status?: {
-        label?: string
-        placeholder?: string
-        activeLabel?: string
-        inactiveLabel?: string
-      }
-      dataScope?: {
-        label?: string
-        placeholder?: string
-        allLabel?: string
-        ownLabel?: string
-        hierarchyLabel?: string
-      }
-      permissionMatrix?: {
-        label?: string
-        placeholder?: string
-      }
-    }
-  }
-}
-
-export type RolesCollectionParams = {
-  translations?: RolesCollectionTranslations
-  fields?: Field[]
-  access?: CollectionConfig["access"]
-  labels?: CollectionConfig["labels"]
-  admin?: CollectionConfig["admin"]
-}

package/src/collections/roles-permissions/default-data.ts

@@ -1,28 +0,0 @@
-import type { RolesPermissionsCollectionTranslations } from "./types.js";
-
-export const rolesPermissionsDefaultTranslations: RolesPermissionsCollectionTranslations =
-  {
-    en: {
-      labels: {
-        singular: "Role Permission",
-        plural: "Role Permissions",
-      },
-      admin: {
-        group: "System",
-      },
-      fields: {
-        role: {
-          label: "Role",
-          placeholder: "Select role",
-        },
-        permission: {
-          label: "Permission",
-          placeholder: "Select permission",
-        },
-        enabled: {
-          label: "Enabled",
-          placeholder: "Check enabled",
-        },
-      },
-    },
-  };

package/src/collections/roles-permissions/index.ts

@@ -1,107 +0,0 @@
-import type { CollectionConfig } from "payload";
-import {
-  getArrayOfMergedFieldAffectingData,
-  getSuperAdminAccess,
-  toLocaleRecord,
-  toSelectPlaceholder,
-} from "../../lib/utils/index.js";
-import type { RolesPermissionsCollectionParams } from "./types.js";
-
-export const getRolesPermissionsCollection = (
-  params: RolesPermissionsCollectionParams,
-) => {
-  const {
-    translations = {},
-    access = {},
-    fields = [],
-    labels = {},
-    admin = {},
-  } = params || {};
-  const arrTranslationsKeys = Object.keys(translations);
-  const rolesPermissions: CollectionConfig = {
-    slug: "roles-permissions",
-    labels: {
-      singular: toLocaleRecord(
-        arrTranslationsKeys,
-        (locale) => translations[locale]?.labels?.singular,
-      ),
-      plural: toLocaleRecord(
-        arrTranslationsKeys,
-        (locale) => translations[locale]?.labels?.plural,
-      ),
-      ...labels,
-    },
-    admin: {
-      group: toLocaleRecord(
-        arrTranslationsKeys,
-        (locale) => translations[locale]?.admin?.group,
-      ),
-      useAsTitle: "role",
-      defaultColumns: ["role", "permission", "enabled", "updatedAt"],
-      hidden: true,
-      ...admin,
-    },
-    access: {
-      create: getSuperAdminAccess,
-      update: getSuperAdminAccess,
-      delete: getSuperAdminAccess,
-      read: getSuperAdminAccess,
-      readVersions: getSuperAdminAccess,
-      unlock: getSuperAdminAccess,
-      admin: ({ req }) => {
-        return getSuperAdminAccess({ req });
-      },
-      ...access,
-    },
-    fields: getArrayOfMergedFieldAffectingData({
-      fields,
-      defaultFields: [
-        {
-          name: "role",
-          type: "relationship",
-          required: true,
-          relationTo: "roles",
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.role?.label,
-          ),
-          admin: {
-            placeholder: toSelectPlaceholder(
-              arrTranslationsKeys,
-              (locale) => translations[locale]?.fields?.role?.placeholder,
-            ),
-          },
-        },
-        {
-          name: "permission",
-          type: "relationship",
-          relationTo: "permissions",
-          required: true,
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.permission?.label,
-          ),
-          admin: {
-            placeholder: toSelectPlaceholder(
-              arrTranslationsKeys,
-              (locale) => translations[locale]?.fields?.permission?.placeholder,
-            ),
-          },
-        },
-        {
-          name: "enabled",
-          type: "checkbox",
-          required: false,
-          defaultValue: true,
-          label: toLocaleRecord(
-            arrTranslationsKeys,
-            (locale) => translations[locale]?.fields?.enabled?.label,
-          ),
-        },
-      ],
-    }),
-    timestamps: true,
-  };
-
-  return rolesPermissions;
-};

package/src/collections/roles-permissions/types.ts

@@ -1,42 +0,0 @@
-import type { CollectionConfig, Field } from "payload";
-
-export type RolesPermissionsCollectionTranslations = {
-  [locale: string]: {
-    labels?: {
-      singular?: string;
-      plural?: string;
-    };
-    admin?: {
-      group?: string;
-    };
-    fields?: {
-      role?: {
-        label?: string;
-        placeholder?: string;
-      };
-      permission?: {
-        label?: string;
-        placeholder?: string;
-      };
-      enabled?: {
-        label?: string;
-        placeholder?: string;
-      };
-    };
-  };
-};
-
-export type RolesPermissionsCollectionParams = {
-  translations?: RolesPermissionsCollectionTranslations;
-  fields?: Field[];
-  access?: CollectionConfig["access"];
-  labels?: CollectionConfig["labels"];
-  admin?: CollectionConfig["admin"];
-};
-
-export type RolePermission = {
-  id: string | number;
-  role?: string | number;
-  permission?: string | number;
-  enabled?: boolean;
-};

package/src/collections/users/default-data.ts

@@ -1,19 +0,0 @@
-import { UsersModificationTranslations } from "./types.js";
-
-export const usersDefaultTranslations: UsersModificationTranslations = {
-  en: {
-    fields: {
-      isSuperAdmin: {
-        label: "Super Admin",
-      },
-      roles: {
-        label: "Roles",
-        placeholder: "Select roles",
-      },
-      parent: {
-        label: "Parent",
-        placeholder: "Select parent",
-      },
-    },
-  },
-};

package/src/collections/users/index.ts

@@ -1,148 +0,0 @@
-import type { Config, Field, PayloadRequest } from "payload";
-import {
-  getArrayOfMergedFieldAffectingData,
-  getPermissionAccess,
-  toLocaleRecord,
-} from "../../lib/utils/index.js";
-import { mergeUserCollectionHooks } from "./parent-path.js";
-import type {
-  UsersModificationParams,
-  UsersModificationTranslations,
-} from "./types.js";
-
-const buildDefaultFields = (
-  translations: UsersModificationTranslations,
-): Field[] => {
-  const locales = Object.keys(translations);
-  return [
-    {
-      name: "isSuperAdmin",
-      type: "checkbox",
-      defaultValue: false,
-      label: toLocaleRecord(
-        locales,
-        (locale) => translations[locale]?.fields?.isSuperAdmin?.label,
-      ),
-      admin: {
-        readOnly: true,
-      },
-    },
-    {
-      name: "roles",
-      type: "relationship",
-      relationTo: "roles",
-      hasMany: true,
-      label: toLocaleRecord(
-        locales,
-        (locale) => translations[locale]?.fields?.roles?.label,
-      ),
-    },
-    {
-      name: "parent",
-      type: "relationship",
-      relationTo: "users",
-      label: toLocaleRecord(
-        locales,
-        (locale) => translations[locale]?.fields?.parent?.label,
-      ),
-      filterOptions: ({ id }) => (id ? { id: { not_equals: id } } : true),
-    },
-    {
-      name: "parentPath",
-      type: "text",
-      index: true,
-      admin: {
-        hidden: true,
-        readOnly: true,
-      },
-    },
-  ];
-};
-
-export const modifyUsersCollection = (params: UsersModificationParams = {}) => {
-  const { translations = {}, fields: customFields = [] } = params;
-
-  return (incomingConfig: Config): Config => {
-    const config = { ...incomingConfig };
-    const userSlug = config.admin?.user || "users";
-
-    const customAdmin = {
-      defaultColumns: ["email", "roles", "isSuperAdmin", "updatedAt"],
-      useAsTitle: "email",
-      ...config.admin,
-    };
-
-    const pluginFields = getArrayOfMergedFieldAffectingData({
-      defaultFields: buildDefaultFields(translations),
-      fields: customFields,
-    });
-
-    const existing = (config.collections || []).find(
-      (c) => c.slug === userSlug,
-    );
-    const dataScopeOptions = {
-      createdByField: "id",
-      usersCollectionSlug: userSlug,
-    } as const;
-
-    const defaultAccess = {
-      create: getPermissionAccess({
-        featureCode: userSlug,
-        actionCode: "create",
-      }),
-      update: getPermissionAccess({
-        featureCode: userSlug,
-        actionCode: "update",
-        mode: "modify",
-        collectionSlug: userSlug,
-        options: dataScopeOptions,
-      }),
-      delete: getPermissionAccess({
-        featureCode: userSlug,
-        actionCode: "delete",
-        mode: "modify",
-        collectionSlug: userSlug,
-        options: dataScopeOptions,
-      }),
-      read: getPermissionAccess({
-        featureCode: userSlug,
-        actionCode: "read",
-        options: dataScopeOptions,
-      }),
-    };
-
-    if (existing) {
-      config.collections = (config.collections || []).map((collection) => {
-        if (collection.slug !== userSlug) {
-          return collection;
-        }
-        return {
-          ...collection,
-          fields: [...collection.fields, ...pluginFields],
-          access: {
-            ...defaultAccess,
-            ...collection.access,
-          },
-          hooks: mergeUserCollectionHooks({
-            existingHooks: collection.hooks,
-            userSlug,
-          }),
-        };
-      });
-    } else {
-      config.collections = [
-        ...(config.collections || []),
-        {
-          slug: userSlug,
-          auth: true,
-          admin: customAdmin,
-          fields: pluginFields,
-          access: defaultAccess,
-          hooks: mergeUserCollectionHooks({ userSlug }),
-        },
-      ];
-    }
-
-    return config;
-  };
-};