roles-privileges-payload-plugin 1.0.1 → 1.1.1

package/README.md

@@ -1,5 +1,9 @@
 # Roles & Privileges Payload Plugin
 
+[![semantic-release: angular](https://img.shields.io/badge/semantic--release-angular-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release)
+[![npm version](https://badge.fury.io/js/roles-privileges-payload-plugin.svg)](https://www.npmjs.com/package/roles-privileges-payload-plugin)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
 A powerful Payload CMS plugin that automatically generates role-based access control (RBAC) with granular CRUD privileges for all your collections.
 
 ## Features
@@ -632,4 +636,4 @@ describe('Plugin tests', () => {
    expect(...)
   })
 })
-```
+```

package/dist/collections/roles.d.ts

@@ -0,0 +1,32 @@
+import type { CollectionBeforeChangeHook, CollectionBeforeDeleteHook, CollectionConfig } from 'payload';
+import type { GlobalPrivilege } from '../utils/generateGlobalPrivileges.js';
+import type { Privilege } from '../utils/generatePrivileges.js';
+export type CollectionData = {
+    collectionSlug: string;
+    collectionLabel: {
+        en: string;
+        fr: string;
+    };
+    privileges: Record<string, Privilege>;
+};
+export type GlobalData = {
+    globalSlug: string;
+    globalLabel: {
+        en: string;
+        fr: string;
+    };
+    privileges: Record<string, GlobalPrivilege>;
+};
+/**
+ * Hook to ensure the Super Admin role cannot be deleted
+ */
+export declare const ensureSuperAdminDontGetDeleted: CollectionBeforeDeleteHook;
+/**
+ * Hook to ensure the Super Admin role slug cannot be changed
+ */
+export declare const ensureSuperAdminDontGetUpdated: CollectionBeforeChangeHook;
+/**
+ * Roles collection configuration
+ * This collection manages user roles and their associated privileges
+ */
+export declare const createRolesCollection: (collections?: CollectionData[], globals?: GlobalData[]) => CollectionConfig;

package/dist/collections/roles.js

@@ -0,0 +1,122 @@
+import { APIError } from 'payload';
+import { hasPrivilege } from '../utils/privilegesAccess.js';
+/**
+ * Hook to ensure the Super Admin role cannot be deleted
+ */ export const ensureSuperAdminDontGetDeleted = async ({ req, id })=>{
+    const role = await req.payload.findByID({
+        collection: 'roles',
+        id
+    });
+    if (role && role.slug === 'super-admin') {
+        throw new APIError(req.t('plugin-roles-privileges:error-cannot-delete-super-admin'), 400);
+    }
+};
+/**
+ * Hook to ensure the Super Admin role slug cannot be changed
+ */ export const ensureSuperAdminDontGetUpdated = async ({ data, originalDoc, req })=>{
+    if (originalDoc && originalDoc.slug === 'super-admin') {
+        if (data.slug && data.slug !== 'super-admin') {
+            throw new APIError(req.t('plugin-roles-privileges:error-cannot-modify-super-admin-slug'), 400);
+        }
+    }
+    return data;
+};
+/**
+ * Roles collection configuration
+ * This collection manages user roles and their associated privileges
+ */ export const createRolesCollection = (collections, globals)=>{
+    return {
+        slug: 'roles',
+        labels: {
+            singular: ({ t })=>t('plugin-roles-privileges:roles-collection-label-singular'),
+            plural: ({ t })=>t('plugin-roles-privileges:roles-collection-label-plural')
+        },
+        access: {
+            // Allow authenticated users to read roles (needed for user role resolution)
+            read: ()=>true,
+            // Require specific privileges for other operations
+            create: hasPrivilege('roles-create'),
+            update: hasPrivilege('roles-update'),
+            delete: hasPrivilege('roles-delete')
+        },
+        admin: {
+            useAsTitle: 'title',
+            defaultColumns: [
+                'title',
+                'slug'
+            ]
+        },
+        fields: [
+            {
+                name: 'title',
+                type: 'text',
+                required: true,
+                label: ({ t })=>t('plugin-roles-privileges:roles-field-title-label')
+            },
+            {
+                name: 'slug',
+                type: 'text',
+                required: true,
+                unique: true,
+                label: ({ t })=>t('plugin-roles-privileges:roles-field-slug-label'),
+                admin: {
+                    description: ({ t })=>t('plugin-roles-privileges:roles-field-slug-description')
+                },
+                hooks: {
+                    beforeValidate: [
+                        ({ value })=>{
+                            if (typeof value === 'string') {
+                                return value.toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/(^-|-$)/g, '');
+                            }
+                            return value;
+                        }
+                    ]
+                }
+            },
+            {
+                name: 'privileges',
+                type: 'array',
+                label: ({ t })=>t('plugin-roles-privileges:roles-field-privileges-label'),
+                admin: {
+                    description: ({ t })=>t('plugin-roles-privileges:roles-field-privileges-description'),
+                    components: {
+                        Field: {
+                            path: 'roles-privileges-payload-plugin/client#PrivilegesSelect',
+                            clientProps: {
+                                collections: collections || [],
+                                globals: globals || []
+                            }
+                        }
+                    }
+                },
+                minRows: 1,
+                fields: [
+                    {
+                        name: 'privilege',
+                        type: 'text',
+                        required: true,
+                        label: ({ t })=>t('plugin-roles-privileges:roles-field-privileges-label')
+                    }
+                ]
+            },
+            {
+                name: 'description',
+                type: 'textarea',
+                label: ({ t })=>t('plugin-roles-privileges:roles-field-description-label'),
+                admin: {
+                    description: ({ t })=>t('plugin-roles-privileges:roles-field-description-description')
+                }
+            }
+        ],
+        hooks: {
+            beforeChange: [
+                ensureSuperAdminDontGetUpdated
+            ],
+            beforeDelete: [
+                ensureSuperAdminDontGetDeleted
+            ]
+        }
+    };
+};
+
+//# sourceMappingURL=roles.js.map

package/dist/collections/roles.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/collections/roles.ts"],"sourcesContent":["import type {\n  CollectionBeforeChangeHook,\n  CollectionBeforeDeleteHook,\n  CollectionConfig,\n} from 'payload'\nimport { APIError } from 'payload'\nimport type { GlobalPrivilege } from '../utils/generateGlobalPrivileges.js'\nimport type { Privilege } from '../utils/generatePrivileges.js'\nimport { hasPrivilege } from '../utils/privilegesAccess.js'\n\nexport type CollectionData = {\n  collectionSlug: string\n  collectionLabel: { en: string; fr: string }\n  privileges: Record<string, Privilege>\n}\n\nexport type GlobalData = {\n  globalSlug: string\n  globalLabel: { en: string; fr: string }\n  privileges: Record<string, GlobalPrivilege>\n}\n\n/**\n * Hook to ensure the Super Admin role cannot be deleted\n */\nexport const ensureSuperAdminDontGetDeleted: CollectionBeforeDeleteHook = async ({ req, id }) => {\n  const role = await req.payload.findByID({\n    collection: 'roles',\n    id,\n  })\n\n  if (role && role.slug === 'super-admin') {\n    throw new APIError(\n      (req.t as (key: string) => string)('plugin-roles-privileges:error-cannot-delete-super-admin'),\n      400,\n    )\n  }\n}\n\n/**\n * Hook to ensure the Super Admin role slug cannot be changed\n */\nexport const ensureSuperAdminDontGetUpdated: CollectionBeforeChangeHook = async ({\n  data,\n  originalDoc,\n  req,\n}) => {\n  if (originalDoc && originalDoc.slug === 'super-admin') {\n    if (data.slug && data.slug !== 'super-admin') {\n      throw new APIError(\n        (req.t as (key: string) => string)(\n          'plugin-roles-privileges:error-cannot-modify-super-admin-slug',\n        ),\n        400,\n      )\n    }\n  }\n  return data\n}\n\n/**\n * Roles collection configuration\n * This collection manages user roles and their associated privileges\n */\nexport const createRolesCollection = (\n  collections?: CollectionData[],\n  globals?: GlobalData[],\n): CollectionConfig => {\n  return {\n    slug: 'roles',\n    labels: {\n      singular: ({ t }) =>\n        (t as (key: string) => string)('plugin-roles-privileges:roles-collection-label-singular'),\n      plural: ({ t }) =>\n        (t as (key: string) => string)('plugin-roles-privileges:roles-collection-label-plural'),\n    },\n    access: {\n      // Allow authenticated users to read roles (needed for user role resolution)\n      read: () => true,\n      // Require specific privileges for other operations\n      create: hasPrivilege('roles-create'),\n      update: hasPrivilege('roles-update'),\n      delete: hasPrivilege('roles-delete'),\n    },\n    admin: {\n      useAsTitle: 'title',\n      defaultColumns: ['title', 'slug'],\n    },\n    fields: [\n      {\n        name: 'title',\n        type: 'text',\n        required: true,\n        label: ({ t }) =>\n          (t as (key: string) => string)('plugin-roles-privileges:roles-field-title-label'),\n      },\n      {\n        name: 'slug',\n        type: 'text',\n        required: true,\n        unique: true,\n        label: ({ t }) =>\n          (t as (key: string) => string)('plugin-roles-privileges:roles-field-slug-label'),\n        admin: {\n          description: ({ t }) =>\n            (t as (key: string) => string)('plugin-roles-privileges:roles-field-slug-description'),\n        },\n        hooks: {\n          beforeValidate: [\n            ({ value }) => {\n              if (typeof value === 'string') {\n                return value\n                  .toLowerCase()\n                  .replace(/[^a-z0-9]+/g, '-')\n                  .replace(/(^-|-$)/g, '')\n              }\n              return value\n            },\n          ],\n        },\n      },\n      {\n        name: 'privileges',\n        type: 'array',\n        label: ({ t }) =>\n          (t as (key: string) => string)('plugin-roles-privileges:roles-field-privileges-label'),\n        admin: {\n          description: ({ t }) =>\n            (t as (key: string) => string)(\n              'plugin-roles-privileges:roles-field-privileges-description',\n            ),\n          components: {\n            Field: {\n              path: 'roles-privileges-payload-plugin/client#PrivilegesSelect',\n              clientProps: {\n                collections: collections || [],\n                globals: globals || [],\n              },\n            },\n          },\n        },\n        minRows: 1,\n        fields: [\n          {\n            name: 'privilege',\n            type: 'text',\n            required: true,\n            label: ({ t }) =>\n              (t as (key: string) => string)(\n                'plugin-roles-privileges:roles-field-privileges-label',\n              ),\n          },\n        ],\n      },\n      {\n        name: 'description',\n        type: 'textarea',\n        label: ({ t }) =>\n          (t as (key: string) => string)('plugin-roles-privileges:roles-field-description-label'),\n        admin: {\n          description: ({ t }) =>\n            (t as (key: string) => string)(\n              'plugin-roles-privileges:roles-field-description-description',\n            ),\n        },\n      },\n    ],\n    hooks: {\n      beforeChange: [ensureSuperAdminDontGetUpdated],\n      beforeDelete: [ensureSuperAdminDontGetDeleted],\n    },\n  }\n}\n"],"names":["APIError","hasPrivilege","ensureSuperAdminDontGetDeleted","req","id","role","payload","findByID","collection","slug","t","ensureSuperAdminDontGetUpdated","data","originalDoc","createRolesCollection","collections","globals","labels","singular","plural","access","read","create","update","delete","admin","useAsTitle","defaultColumns","fields","name","type","required","label","unique","description","hooks","beforeValidate","value","toLowerCase","replace","components","Field","path","clientProps","minRows","beforeChange","beforeDelete"],"mappings":"AAKA,SAASA,QAAQ,QAAQ,UAAS;AAGlC,SAASC,YAAY,QAAQ,+BAA8B;AAc3D;;CAEC,GACD,OAAO,MAAMC,iCAA6D,OAAO,EAAEC,GAAG,EAAEC,EAAE,EAAE;IAC1F,MAAMC,OAAO,MAAMF,IAAIG,OAAO,CAACC,QAAQ,CAAC;QACtCC,YAAY;QACZJ;IACF;IAEA,IAAIC,QAAQA,KAAKI,IAAI,KAAK,eAAe;QACvC,MAAM,IAAIT,SACR,AAACG,IAAIO,CAAC,CAA6B,4DACnC;IAEJ;AACF,EAAC;AAED;;CAEC,GACD,OAAO,MAAMC,iCAA6D,OAAO,EAC/EC,IAAI,EACJC,WAAW,EACXV,GAAG,EACJ;IACC,IAAIU,eAAeA,YAAYJ,IAAI,KAAK,eAAe;QACrD,IAAIG,KAAKH,IAAI,IAAIG,KAAKH,IAAI,KAAK,eAAe;YAC5C,MAAM,IAAIT,SACR,AAACG,IAAIO,CAAC,CACJ,iEAEF;QAEJ;IACF;IACA,OAAOE;AACT,EAAC;AAED;;;CAGC,GACD,OAAO,MAAME,wBAAwB,CACnCC,aACAC;IAEA,OAAO;QACLP,MAAM;QACNQ,QAAQ;YACNC,UAAU,CAAC,EAAER,CAAC,EAAE,GACd,AAACA,EAA8B;YACjCS,QAAQ,CAAC,EAAET,CAAC,EAAE,GACZ,AAACA,EAA8B;QACnC;QACAU,QAAQ;YACN,4EAA4E;YAC5EC,MAAM,IAAM;YACZ,mDAAmD;YACnDC,QAAQrB,aAAa;YACrBsB,QAAQtB,aAAa;YACrBuB,QAAQvB,aAAa;QACvB;QACAwB,OAAO;YACLC,YAAY;YACZC,gBAAgB;gBAAC;gBAAS;aAAO;QACnC;QACAC,QAAQ;YACN;gBACEC,MAAM;gBACNC,MAAM;gBACNC,UAAU;gBACVC,OAAO,CAAC,EAAEtB,CAAC,EAAE,GACX,AAACA,EAA8B;YACnC;YACA;gBACEmB,MAAM;gBACNC,MAAM;gBACNC,UAAU;gBACVE,QAAQ;gBACRD,OAAO,CAAC,EAAEtB,CAAC,EAAE,GACX,AAACA,EAA8B;gBACjCe,OAAO;oBACLS,aAAa,CAAC,EAAExB,CAAC,EAAE,GACjB,AAACA,EAA8B;gBACnC;gBACAyB,OAAO;oBACLC,gBAAgB;wBACd,CAAC,EAAEC,KAAK,EAAE;4BACR,IAAI,OAAOA,UAAU,UAAU;gCAC7B,OAAOA,MACJC,WAAW,GACXC,OAAO,CAAC,eAAe,KACvBA,OAAO,CAAC,YAAY;4BACzB;4BACA,OAAOF;wBACT;qBACD;gBACH;YACF;YACA;gBACER,MAAM;gBACNC,MAAM;gBACNE,OAAO,CAAC,EAAEtB,CAAC,EAAE,GACX,AAACA,EAA8B;gBACjCe,OAAO;oBACLS,aAAa,CAAC,EAAExB,CAAC,EAAE,GACjB,AAACA,EACC;oBAEJ8B,YAAY;wBACVC,OAAO;4BACLC,MAAM;4BACNC,aAAa;gCACX5B,aAAaA,eAAe,EAAE;gCAC9BC,SAASA,WAAW,EAAE;4BACxB;wBACF;oBACF;gBACF;gBACA4B,SAAS;gBACThB,QAAQ;oBACN;wBACEC,MAAM;wBACNC,MAAM;wBACNC,UAAU;wBACVC,OAAO,CAAC,EAAEtB,CAAC,EAAE,GACX,AAACA,EACC;oBAEN;iBACD;YACH;YACA;gBACEmB,MAAM;gBACNC,MAAM;gBACNE,OAAO,CAAC,EAAEtB,CAAC,EAAE,GACX,AAACA,EAA8B;gBACjCe,OAAO;oBACLS,aAAa,CAAC,EAAExB,CAAC,EAAE,GACjB,AAACA,EACC;gBAEN;YACF;SACD;QACDyB,OAAO;YACLU,cAAc;gBAAClC;aAA+B;YAC9CmC,cAAc;gBAAC5C;aAA+B;QAChD;IACF;AACF,EAAC"}

package/dist/components/PrivilegesSelect.d.ts

@@ -0,0 +1,19 @@
+import type { GlobalPrivilege } from '../utils/generateGlobalPrivileges.js';
+import type { Privilege } from '../utils/generatePrivileges.js';
+type CollectionPrivileges = {
+    collectionSlug: string;
+    collectionLabel: Record<string, string>;
+    privileges: Record<string, Privilege>;
+};
+type GlobalPrivileges = {
+    globalSlug: string;
+    globalLabel: Record<string, string>;
+    privileges: Record<string, GlobalPrivilege>;
+};
+declare const _default_1: import("react").NamedExoticComponent<{
+    readonly validate?: import("payload").ArrayFieldValidation;
+} & import("payload").FieldPaths & {
+    readonly field: Omit<import("payload").ArrayFieldClient, "type"> & Partial<Pick<import("payload").ArrayFieldClient, "type">>;
+} & Omit<import("payload").ClientComponentProps, "customComponents" | "field">>;
+export default _default_1;
+export type { CollectionPrivileges, GlobalPrivileges };