payload 3.68.0 → 3.68.2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"canAccessAdmin.d.ts","sourceRoot":"","sources":["../../src/utilities/canAccessAdmin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"canAccessAdmin.d.ts","sourceRoot":"","sources":["../../src/utilities/canAccessAdmin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAIvD;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,YAAmB;IAAE,GAAG,EAAE,cAAc,CAAA;CAAE,kBA8BpE,CAAA"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { UnauthorizedError } from '../errors/UnauthorizedError.js';
|
|
1
2
|
/**
|
|
2
3
|
* Protects admin-only routes, server functions, etc.
|
|
3
4
|
* The requesting user must either:
|
|
@@ -15,11 +16,11 @@
|
|
|
15
16
|
req
|
|
16
17
|
});
|
|
17
18
|
if (!canAccess) {
|
|
18
|
-
throw new
|
|
19
|
+
throw new UnauthorizedError();
|
|
19
20
|
}
|
|
20
21
|
// Match the user collection to the global admin config
|
|
21
22
|
} else if (adminUserSlug !== incomingUserSlug) {
|
|
22
|
-
throw new
|
|
23
|
+
throw new UnauthorizedError();
|
|
23
24
|
}
|
|
24
25
|
} else {
|
|
25
26
|
const hasUsers = await req.payload.find({
|
|
@@ -30,7 +31,7 @@
|
|
|
30
31
|
});
|
|
31
32
|
// If there are users, we should not allow access because of `/create-first-user`
|
|
32
33
|
if (hasUsers.docs.length) {
|
|
33
|
-
throw new
|
|
34
|
+
throw new UnauthorizedError();
|
|
34
35
|
}
|
|
35
36
|
}
|
|
36
37
|
};
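Review bot: The JSDoc on `canAccessAdmin` is now stale: the new source embedded in the source map still says `@throws {Error}`, but all three deny paths in this section (the failed `access.admin` check, the collection-slug mismatch, and the users-already-exist branch) now throw `UnauthorizedError`. I would update the tag to `@throws {UnauthorizedError} when access is denied; callers may catch it explicitly`. The removed `throw new` lines are cut off on this page, so the previous error type is not visible; if it was a plain `Error`, any caller of this gate that matched on the old message or type should be checked so that a denial is still handled as a denial. The function body starts outside the visible hunks (lines 5–15 of the file are not shown).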
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/utilities/canAccessAdmin.ts"],"sourcesContent":["import type { PayloadRequest } from '../types/index.js'\n\n/**\n * Protects admin-only routes, server functions, etc.\n * The requesting user must either:\n * a. pass the `access.admin` function on the `users` collection, if defined\n * b. match the `config.admin.user` property on the Payload config\n * c. if no user is present, and there are no users in the system, allow access (for first user creation)\n * @throws {Error} Throws an `Unauthorized` error if access is denied that can be explicitly caught\n */\nexport const canAccessAdmin = async ({ req }: { req: PayloadRequest }) => {\n const incomingUserSlug = req.user?.collection\n const adminUserSlug = req.payload.config.admin.user\n\n if (incomingUserSlug) {\n const adminAccessFn = req.payload.collections[incomingUserSlug]?.config.access?.admin\n\n if (adminAccessFn) {\n const canAccess = await adminAccessFn({ req })\n\n if (!canAccess) {\n throw new
|
|
1
|
+
{"version":3,"sources":["../../src/utilities/canAccessAdmin.ts"],"sourcesContent":["import type { PayloadRequest } from '../types/index.js'\n\nimport { UnauthorizedError } from '../errors/UnauthorizedError.js'\n\n/**\n * Protects admin-only routes, server functions, etc.\n * The requesting user must either:\n * a. pass the `access.admin` function on the `users` collection, if defined\n * b. match the `config.admin.user` property on the Payload config\n * c. if no user is present, and there are no users in the system, allow access (for first user creation)\n * @throws {Error} Throws an `Unauthorized` error if access is denied that can be explicitly caught\n */\nexport const canAccessAdmin = async ({ req }: { req: PayloadRequest }) => {\n const incomingUserSlug = req.user?.collection\n const adminUserSlug = req.payload.config.admin.user\n\n if (incomingUserSlug) {\n const adminAccessFn = req.payload.collections[incomingUserSlug]?.config.access?.admin\n\n if (adminAccessFn) {\n const canAccess = await adminAccessFn({ req })\n\n if (!canAccess) {\n throw new UnauthorizedError()\n }\n // Match the user collection to the global admin config\n } else if (adminUserSlug !== incomingUserSlug) {\n throw new UnauthorizedError()\n }\n } else {\n const hasUsers = await req.payload.find({\n collection: adminUserSlug,\n depth: 0,\n limit: 1,\n pagination: false,\n })\n\n // If there are users, we should not allow access because of `/create-first-user`\n if (hasUsers.docs.length) {\n throw new UnauthorizedError()\n }\n 
}\n}\n"],"names":["UnauthorizedError","canAccessAdmin","req","incomingUserSlug","user","collection","adminUserSlug","payload","config","admin","adminAccessFn","collections","access","canAccess","hasUsers","find","depth","limit","pagination","docs","length"],"mappings":"AAEA,SAASA,iBAAiB,QAAQ,iCAAgC;AAElE;;;;;;;CAOC,GACD,OAAO,MAAMC,iBAAiB,OAAO,EAAEC,GAAG,EAA2B;IACnE,MAAMC,mBAAmBD,IAAIE,IAAI,EAAEC;IACnC,MAAMC,gBAAgBJ,IAAIK,OAAO,CAACC,MAAM,CAACC,KAAK,CAACL,IAAI;IAEnD,IAAID,kBAAkB;QACpB,MAAMO,gBAAgBR,IAAIK,OAAO,CAACI,WAAW,CAACR,iBAAiB,EAAEK,OAAOI,QAAQH;QAEhF,IAAIC,eAAe;YACjB,MAAMG,YAAY,MAAMH,cAAc;gBAAER;YAAI;YAE5C,IAAI,CAACW,WAAW;gBACd,MAAM,IAAIb;YACZ;QACA,uDAAuD;QACzD,OAAO,IAAIM,kBAAkBH,kBAAkB;YAC7C,MAAM,IAAIH;QACZ;IACF,OAAO;QACL,MAAMc,WAAW,MAAMZ,IAAIK,OAAO,CAACQ,IAAI,CAAC;YACtCV,YAAYC;YACZU,OAAO;YACPC,OAAO;YACPC,YAAY;QACd;QAEA,iFAAiF;QACjF,IAAIJ,SAASK,IAAI,CAACC,MAAM,EAAE;YACxB,MAAM,IAAIpB;QACZ;IACF;AACF,EAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "payload",
|
|
3
|
-
"version": "3.68.
|
|
3
|
+
"version": "3.68.2",
|
|
4
4
|
"description": "Node, React, Headless CMS and Application Framework built on Next.js",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"admin panel",
|
|
@@ -106,7 +106,7 @@
|
|
|
106
106
|
"undici": "7.10.0",
|
|
107
107
|
"uuid": "10.0.0",
|
|
108
108
|
"ws": "^8.16.0",
|
|
109
|
-
"@payloadcms/translations": "3.68.
|
|
109
|
+
"@payloadcms/translations": "3.68.2"
|
|
110
110
|
},
|
|
111
111
|
"devDependencies": {
|
|
112
112
|
"@hyrious/esbuild-plugin-commonjs": "0.2.6",
|