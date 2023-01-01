Cloud PricingDocsFor EnterpriseCommunity HelpBlog
Any field level access instantly blocks full document access

default discord avatar
bill.son
last week
6

As soon as I add any field level access my whole document is blocked.



Even just 


access: {
  update: () => true;
}


Example:

import { CollectionConfig } from "payload/types";
import { isAdmin, isAdminOrSamePartner, isAdminOrSelf } from "../access";

const Users: CollectionConfig = {
    slug: "users",
    auth: true,
    admin: {
        useAsTitle: "name",
    },
    access: {
        create: isAdmin,
        read: isAdminOrSamePartner,
        update: isAdminOrSelf,
        delete: isAdmin,
    },
    labels: {
        singular: { en: "User", fr: "Utilisateur" },
        plural: { en: "Users", fr: "Utilisateurs" },
    },
    fields: [
        {
            label: { en: "Name", fr: "Nom" },
            name: "name",
            type: "text",
        },
        {
            label: { en: "Roles", fr: "Rôles" },
            name: "roles",
            type: "select",
            saveToJWT: true,
            hasMany: true,
            defaultValue: ["editor"],
            options: [
                { label: { en: "Admin", fr: "Administrateur" }, value: "admin" },
                { label: { en: "Editor", fr: "Éditeur" }, value: "editor" },
            ],
            required: true,
            access: {
                update: () => true,
            },
        },
        {
            label: { en: "Partners", fr: "Partenaires" },
            name: "partners",
            type: "relationship",
            relationTo: "partners",
            hasMany: true,
            saveToJWT: true,
        },
    ],
};

export default Users;


if I remove 

            access: {
                update: () => true,
            },

the collection access works normally, but with it the whole document is blocked.



I need the field access to block role and partner change but It is broken right now. Any help would be appreciated!

  • discord user avatar
    tylandavis
    Payload Team
    last week

    hey @bill.son, I wasn't able to recreate this myself. I wonder if there may be something with your collection level access control functions. Are you able to share those here and I can see if I can recreate the issue?

  • default discord avatar
    bill.son
    last week

    Sure! 

    import { Partner, User } from "lib/payload-types";
import { Access } from "payload/config";
import { FieldAccess } from "payload/types";

export const isAdminOrSelf: Access<unknown, User> = ({ req: { user }, id }) => {
    if (!user) return false;

    if (user.roles.includes("admin")) {
        return true;
    }

    return user.id === id;
};

export const isAdmin: Access<unknown, User> = ({ req: { user } }) => {
    return Boolean(user?.roles?.includes("admin"));
}; 

export const isAdminOrSamePartner: Access<unknown, User> = ({ req: { user } }) => {
    if (user) {
        if (user.roles.includes("admin")) return true;

        if (user.roles.includes("editor") && user.partners.length > 0) {
            return {
                partners: {
                    in: user.partners.map((partner: Partner) => partner.id),
                },
            };
        }
    }
    return false;
};


    I'll try and locate when it started.



    Apparently just stopped working idk. Cant find anything that would've broken it and I went back to all the same versions as when it worked.



    I get this error: 

    TypeError: Cannot read properties of undefined (reading 'endSession')


    https://github.com/payloadcms/payload/issues/4133#issuecomment-1813335973
  • discord user avatar
    tylandavis
    Payload Team
    last week

    I was just about to link that

  • default discord avatar
    bill.son
    last week

    Yeah Ill try going to 2.1.0

  • discord user avatar
    tylandavis
    Payload Team
    last week

    Let me know if that changes anything. I would add some details of your issue there as well, just so its tracked and we can get around to figuring out the cause.

  • default discord avatar
    bill.son
    last week

    Yeah 2.1.0 works!



    weird

