feat: initial setup, collections, caregiver frontend
This commit is contained in:
@@ -9,6 +9,12 @@ import { isSuperAdmin } from '@/access/isSuperAdmin'
|
||||
import { setCookieBasedOnDomain } from './hooks/setCookieBasedOnDomain'
|
||||
import { tenantsArrayField } from '@payloadcms/plugin-multi-tenant/fields'
|
||||
|
||||
/**
|
||||
* Tenant Roles for Care Home Staff:
|
||||
* - admin: Full access within their care home(s)
|
||||
* - caregiver: Can create/manage meal orders for residents
|
||||
* - kitchen: Can view orders and mark as prepared
|
||||
*/
|
||||
const defaultTenantArrayField = tenantsArrayField({
|
||||
tenantsArrayFieldName: 'tenants',
|
||||
tenantsArrayTenantFieldName: 'tenant',
|
||||
@@ -19,28 +25,38 @@ const defaultTenantArrayField = tenantsArrayField({
|
||||
{
|
||||
name: 'roles',
|
||||
type: 'select',
|
||||
defaultValue: ['tenant-viewer'],
|
||||
defaultValue: ['caregiver'],
|
||||
hasMany: true,
|
||||
options: ['tenant-admin', 'tenant-viewer'],
|
||||
options: [
|
||||
{ label: 'Admin', value: 'admin' },
|
||||
{ label: 'Caregiver', value: 'caregiver' },
|
||||
{ label: 'Kitchen', value: 'kitchen' },
|
||||
],
|
||||
required: true,
|
||||
admin: {
|
||||
description: 'Role(s) for this user within the care home',
|
||||
},
|
||||
access: {
|
||||
update: ({ req }) => {
|
||||
const { user } = req
|
||||
if (!user) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (isSuperAdmin(user)) {
|
||||
return true
|
||||
}
|
||||
|
||||
return true
|
||||
// Super admins and tenant admins can update roles
|
||||
return isSuperAdmin(user) || true
|
||||
},
|
||||
},
|
||||
},
|
||||
],
|
||||
})
|
||||
|
||||
/**
|
||||
* Users Collection
|
||||
*
|
||||
* Two-level role system:
|
||||
* - Global roles: super-admin (system-wide access), user (access via tenant roles)
|
||||
* - Tenant roles: admin, caregiver, kitchen (per care home)
|
||||
*/
|
||||
const Users: CollectionConfig = {
|
||||
slug: 'users',
|
||||
access: {
|
||||
@@ -51,27 +67,32 @@ const Users: CollectionConfig = {
|
||||
},
|
||||
admin: {
|
||||
useAsTitle: 'email',
|
||||
defaultColumns: ['email', 'roles', 'createdAt'],
|
||||
},
|
||||
auth: true,
|
||||
endpoints: [externalUsersLogin],
|
||||
fields: [
|
||||
{
|
||||
name: 'name',
|
||||
type: 'text',
|
||||
admin: {
|
||||
description: 'Full name of the user',
|
||||
},
|
||||
},
|
||||
{
|
||||
type: 'text',
|
||||
name: 'password',
|
||||
hidden: true,
|
||||
access: {
|
||||
read: () => false, // Hide password field from read access
|
||||
read: () => false,
|
||||
update: ({ req, id }) => {
|
||||
const { user } = req
|
||||
if (!user) {
|
||||
return false
|
||||
}
|
||||
|
||||
if (id === user.id) {
|
||||
// Allow user to update their own password
|
||||
return true
|
||||
}
|
||||
|
||||
return isSuperAdmin(user)
|
||||
},
|
||||
},
|
||||
@@ -79,12 +100,16 @@ const Users: CollectionConfig = {
|
||||
{
|
||||
admin: {
|
||||
position: 'sidebar',
|
||||
description: 'Global system role',
|
||||
},
|
||||
name: 'roles',
|
||||
type: 'select',
|
||||
defaultValue: ['user'],
|
||||
hasMany: true,
|
||||
options: ['super-admin', 'user'],
|
||||
options: [
|
||||
{ label: 'Super Admin', value: 'super-admin' },
|
||||
{ label: 'User', value: 'user' },
|
||||
],
|
||||
access: {
|
||||
update: ({ req }) => {
|
||||
return isSuperAdmin(req.user)
|
||||
@@ -104,13 +129,10 @@ const Users: CollectionConfig = {
|
||||
admin: {
|
||||
...(defaultTenantArrayField?.admin || {}),
|
||||
position: 'sidebar',
|
||||
description: 'Care homes this user has access to',
|
||||
},
|
||||
},
|
||||
],
|
||||
// The following hook sets a cookie based on the domain a user logs in from.
|
||||
// It checks the domain and matches it to a tenant in the system, then sets
|
||||
// a 'payload-tenant' cookie for that tenant.
|
||||
|
||||
hooks: {
|
||||
afterLogin: [setCookieBasedOnDomain],
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user