feat: access control

src/access/admin.ts

@@ -0,0 +1,7 @@
+import { User } from '@/payload-types'
+import type { AccessArgs } from 'payload'
+
+type isAdmin = (args: AccessArgs<User>) => boolean
+
+export const admin: isAdmin = ({ req: { user } }) => user?.role === 'admin'
+

src/access/anyone.ts

@@ -0,0 +1,3 @@
+import type { Access } from 'payload'
+
+export const anyone: Access = () => true

src/access/authenticated.ts

@@ -0,0 +1,9 @@
+import type { AccessArgs } from 'payload'
+
+import type { User } from '@/payload-types'
+
+type isAuthenticated = (args: AccessArgs<User>) => boolean
+
+export const authenticated: isAuthenticated = ({ req: { user } }) => {
+  return Boolean(user)
+}

src/collections/Authors/Authors.ts

@@ -1,3 +1,5 @@
+import { admin } from '@/access/admin'
+import { authenticated } from '@/access/authenticated'
 import type { CollectionConfig } from 'payload'
 
 export const Authors: CollectionConfig = {
@@ -10,9 +12,9 @@ export const Authors: CollectionConfig = {
   },
   access: {
     read: () => true,
-    update: () => true,
+    update: admin,
-    create: () => true,
+    create: authenticated,
-    admin: () => true,
+    delete: admin,
   },
   fields: [
     {

src/collections/Books/Books.ts

@@ -1,3 +1,5 @@
+import { admin } from "@/access/admin";
+import { authenticated } from "@/access/authenticated";
 import { CollectionConfig } from "payload";
 
 export const Books: CollectionConfig = {
@@ -7,9 +9,9 @@ export const Books: CollectionConfig = {
   },
   access: {
     read: () => true,
-    update: () => true,
+    update: admin,
-    create: () => true,
+    create: authenticated,
-    admin: () => true,
+    delete: admin,
   },
   fields: [
     {

src/collections/Books/Genre.ts

@@ -1,3 +1,4 @@
+import { admin } from "@/access/admin";
 import { CollectionConfig } from "payload";
 
 export const Genre: CollectionConfig = {
@@ -7,9 +8,9 @@ export const Genre: CollectionConfig = {
   },
   access: {
     read: () => true,
-    update: () => true,
+    update: admin,
     create: () => true,
-    admin: () => true,
+    delete: admin,
   },
   fields: [
     {

src/collections/Checkouts/Checkouts.ts

@@ -1,7 +1,15 @@
+import { admin } from "@/access/admin";
+import { authenticated } from "@/access/authenticated";
 import { CollectionConfig } from "payload";
 
 const Checkouts: CollectionConfig = {
   slug: 'checkouts',
+  access: {
+    read: () => true,
+    update: admin,
+    create: authenticated,
+    delete: admin,
+  },
   fields: [
     {
       name: 'fromHold',

src/collections/Checkouts/HoldRequests.ts

@@ -1,7 +1,15 @@
+import { admin } from "@/access/admin";
+import { authenticated } from "@/access/authenticated";
 import { CollectionConfig } from "payload";
 
 const HoldRequests: CollectionConfig = {
   slug: 'holdRequests',
+  access: {
+    read: () => true,
+    update: admin,
+    create: authenticated,
+    delete: admin,
+  },
   fields: [
     {
       name: 'copy',

src/collections/Copies/Copies.ts

@@ -28,17 +28,10 @@ const beforeValidate: CollectionBeforeValidateHook = async ({ data, req }) => {
   } else return doc
 
   return { ...doc, label: `[${repositoryName}] ${bookName}` }
-
 }
 
 export const Copies: CollectionConfig = {
   slug: 'copies',
-  access: {
-    read: () => true,
-    update: () => true,
-    create: () => true,
-    admin: () => true,
-  },
   admin: {
     useAsTitle: 'label',
     pagination: {
@@ -96,6 +89,7 @@ export const Copies: CollectionConfig = {
     }
   ],
   hooks: {
-    beforeValidate: [beforeValidate]
+    beforeValidate: [beforeValidate],
+    //beforeRead: [beforeRead],
   },
 }

src/collections/Repositories/Repositories.ts

@@ -1,3 +1,5 @@
+import { admin } from "@/access/admin";
+import { authenticated } from "@/access/authenticated";
 import { CollectionConfig } from "payload";
 
 export const Repositories: CollectionConfig = {
@@ -5,6 +7,12 @@ export const Repositories: CollectionConfig = {
   admin: {
     useAsTitle: 'name'
   },
+  access: {
+    read: () => true,
+    update: admin,
+    create: authenticated,
+    delete: admin,
+  },
   fields: [
     {
       name: 'name',

src/collections/Users.ts

@@ -1,4 +1,4 @@
-import { defaultAccess } from '@/lib/utils'
+import { admin } from '@/access/admin'
 import type { CollectionConfig } from 'payload'
 
 const expirationInMinutes = parseInt(process.env.PASSWORD_RESET_EXPIRATION_IN_MINUTES || '30')
@@ -9,6 +9,9 @@ export const Users: CollectionConfig = {
   admin: {
     useAsTitle: 'email',
   },
+  access: {
+    admin: admin
+  },
   auth: {
     //   verify: {
     //     generateEmailSubject: () => {
@@ -26,7 +29,6 @@ export const Users: CollectionConfig = {
     //           </body>
     //         </html>
     //       `
-    //
     //     },
     //   },
     forgotPassword: {
@@ -54,14 +56,6 @@ export const Users: CollectionConfig = {
       },
     }
   },
-  access: {
-    ...defaultAccess,
-    update: ({ req, data }) => {
-      if (req.user?.role === 'admin') return true
-      else if (data?.user.id === req.user?.id) return true
-      else return false
-    }
-  },
   fields: [
     // Email added by default
     // Add more fields as needed

src/components/ForgotPasswordForm.tsx

@@ -88,10 +88,7 @@ export function ForgotPasswordForm({ className, ...props }: React.ComponentProps
           </CardDescription>
         </CardHeader>
         <CardContent>
-          <form
+          <form onSubmit={token ? handleResetPasswordSubmit : handleForgotPasswordSubmit}>
-            onSubmit={token ? handleResetPasswordSubmit : handleForgotPasswordSubmit}
-            aria-disabled={isLoading}
-          >
             <div className="grid gap-6">
               <div className="grid gap-6">
                 {!token ? (