chore: Implement access control for collections

CodeForAfrica · Oct 18, 2024 · 5809930 · 5809930
1 parent 9167015
commit 5809930
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 0 deletions.
diff --git a/apps/civicsignalblog/src/payload/access/isAdminOrEditor.js b/apps/civicsignalblog/src/payload/access/isAdminOrEditor.js
@@ -0,0 +1,11 @@
+import { ROLE_ADMIN, ROLE_EDITOR } from "./roles";
+
+const isAdminOrEditor = ({ req: { user } }) => {
+  // Return true or false based on if the user has an admin or editor role
+  return (
+    Boolean(user?.roles?.includes(ROLE_ADMIN)) ||
+    Boolean(user?.roles?.includes(ROLE_EDITOR))
+  );
+};
+
+export default isAdminOrEditor;
diff --git a/apps/civicsignalblog/src/payload/collections/Main/MediaData.js b/apps/civicsignalblog/src/payload/collections/Main/MediaData.js
@@ -1,6 +1,7 @@
 import { slateEditor } from "@payloadcms/richtext-slate";
 
 import canRead from "#civicsignalblog/payload/access/applications/main";
+import isAdminOrEditor from "#civicsignalblog/payload/access/isAdminOrEditor";
 import document from "#civicsignalblog/payload/fields/document";
 import image from "#civicsignalblog/payload/fields/image";
 import richText from "#civicsignalblog/payload/fields/richText";
@@ -9,6 +10,9 @@ const MediaData = {
   slug: "media-data",
   access: {
     read: canRead,
+    update: isAdminOrEditor,
+    create: isAdminOrEditor,
+    delete: isAdminOrEditor,
   },
   admin: {
     defaultColumns: ["title", "updatedAt"],

diff --git a/apps/civicsignalblog/src/payload/collections/Main/Pages.js b/apps/civicsignalblog/src/payload/collections/Main/Pages.js
@@ -1,4 +1,5 @@
 import canRead from "#civicsignalblog/payload/access/applications/main";
+import isAdminOrEditor from "#civicsignalblog/payload/access/isAdminOrEditor";
 import PageHeader from "#civicsignalblog/payload/blocks/PageHeader";
 import { MAIN } from "#civicsignalblog/payload/lib/data/common/applications";
 import pages from "#civicsignalblog/payload/utils/createPagesCollection";
@@ -11,6 +12,9 @@ const Pages = pages({
   blocks: [PageHeader],
   access: {
     read: canRead,
+    update: isAdminOrEditor,
+    create: isAdminOrEditor,
+    delete: isAdminOrEditor,
   },
 });
 

diff --git a/apps/civicsignalblog/src/payload/collections/Research/Authors.js b/apps/civicsignalblog/src/payload/collections/Research/Authors.js
@@ -1,9 +1,13 @@
 import canRead from "#civicsignalblog/payload/access/applications/research";
+import isAdminOrEditor from "#civicsignalblog/payload/access/isAdminOrEditor";
 
 const Authors = {
   slug: "author",
   access: {
     read: canRead,
+    update: isAdminOrEditor,
+    create: isAdminOrEditor,
+    delete: isAdminOrEditor,
   },
   admin: {
     defaultColumns: ["fullName", "updatedAt"],

diff --git a/apps/civicsignalblog/src/payload/collections/Research/Media.js b/apps/civicsignalblog/src/payload/collections/Research/Media.js
@@ -1,3 +1,5 @@
+import isAdminOrEditor from "#civicsignalblog/payload/access/isAdminOrEditor";
+
 const Media = {
   slug: "media",
   admin: {
@@ -8,6 +10,9 @@ const Media = {
   },
   access: {
     read: () => true, // Everyone can read Media
+    update: isAdminOrEditor,
+    create: isAdminOrEditor,
+    delete: isAdminOrEditor,
   },
   upload: {
     staticURL: "/media",

diff --git a/apps/civicsignalblog/src/payload/collections/Research/Pages.js b/apps/civicsignalblog/src/payload/collections/Research/Pages.js
@@ -1,4 +1,5 @@
 import canRead from "#civicsignalblog/payload/access/applications/research";
+import isAdminOrEditor from "#civicsignalblog/payload/access/isAdminOrEditor";
 import CustomPageHeader from "#civicsignalblog/payload/blocks/CustomPageHeader";
 import Error from "#civicsignalblog/payload/blocks/Error";
 import FeaturedStories from "#civicsignalblog/payload/blocks/FeaturedStories";
@@ -23,6 +24,9 @@ const Pages = pages({
   ],
   access: {
     read: canRead,
+    update: isAdminOrEditor,
+    create: isAdminOrEditor,
+    delete: isAdminOrEditor,
   },
   adminOptions: {
     description: "Research",

diff --git a/apps/civicsignalblog/src/payload/collections/Research/Posts.js b/apps/civicsignalblog/src/payload/collections/Research/Posts.js
@@ -1,4 +1,5 @@
 import canRead from "#civicsignalblog/payload/access/applications/research";
+import isAdminOrEditor from "#civicsignalblog/payload/access/isAdminOrEditor";
 import authors from "#civicsignalblog/payload/fields/authors";
 import content from "#civicsignalblog/payload/fields/content";
 import image from "#civicsignalblog/payload/fields/image";
@@ -19,6 +20,9 @@ const Posts = {
   },
   access: {
     read: canRead,
+    update: isAdminOrEditor,
+    create: isAdminOrEditor,
+    delete: isAdminOrEditor,
   },
   admin: {
     defaultColumns: ["title", "authors", "publishedOn"],

diff --git a/apps/civicsignalblog/src/payload/collections/Research/Tags.js b/apps/civicsignalblog/src/payload/collections/Research/Tags.js
@@ -1,4 +1,5 @@
 import canRead from "#civicsignalblog/payload/access/applications/research";
+import isAdminOrEditor from "#civicsignalblog/payload/access/isAdminOrEditor";
 import slug from "#civicsignalblog/payload/fields/slug/index";
 
 const Tags = {
@@ -11,6 +12,9 @@ const Tags = {
   },
   access: {
     read: canRead,
+    update: isAdminOrEditor,
+    create: isAdminOrEditor,
+    delete: isAdminOrEditor,
   },
   fields: [
     {