feat: initial commit

2025-12-02 09:00:58 +01:00
commit cee5925f25
51 changed files with 9891 additions and 0 deletions
--- a/src/collections/Users/access/read.ts
+++ b/src/collections/Users/access/read.ts
@@ -0,0 +1,56 @@
+import type { User } from '@/payload-types'
+import type { Access, Where } from 'payload'
+import { getTenantFromCookie } from '@payloadcms/plugin-multi-tenant/utilities'
+
+import { isSuperAdmin } from '../../../access/isSuperAdmin'
+import { getUserTenantIDs } from '../../../utilities/getUserTenantIDs'
+import { isAccessingSelf } from './isAccessingSelf'
+import { getCollectionIDType } from '@/utilities/getCollectionIDType'
+
+export const readAccess: Access<User> = ({ req, id }) => {
+  if (!req?.user) {
+    return false
+  }
+
+  if (isAccessingSelf({ id, user: req.user })) {
+    return true
+  }
+
+  const superAdmin = isSuperAdmin(req.user)
+  const selectedTenant = getTenantFromCookie(
+    req.headers,
+    getCollectionIDType({ payload: req.payload, collectionSlug: 'tenants' }),
+  )
+  const adminTenantAccessIDs = getUserTenantIDs(req.user, 'tenant-admin')
+
+  if (selectedTenant) {
+    // If it's a super admin, or they have access to the tenant ID set in cookie
+    const hasTenantAccess = adminTenantAccessIDs.some((id) => id === selectedTenant)
+    if (superAdmin || hasTenantAccess) {
+      return {
+        'tenants.tenant': {
+          equals: selectedTenant,
+        },
+      }
+    }
+  }
+
+  if (superAdmin) {
+    return true
+  }
+
+  return {
+    or: [
+      {
+        id: {
+          equals: req.user.id,
+        },
+      },
+      {
+        'tenants.tenant': {
+          in: adminTenantAccessIDs,
+        },
+      },
+    ],
+  } as Where
+}