32 lines
830 B
TypeScript
32 lines
830 B
TypeScript
import type { Access } from "payload";
|
|
|
|
import { getUserTenantIDs } from "../../../utilities/getUserTenantIDs";
|
|
import { isSuperAdmin } from "@/access/isSuperAdmin";
|
|
import { isAccessingSelf } from "./isAccessingSelf";
|
|
|
|
export const updateAndDeleteAccess: Access = ({ req, id }) => {
|
|
const { user } = req;
|
|
|
|
if (!user) {
|
|
return false;
|
|
}
|
|
|
|
if (isSuperAdmin(user) || isAccessingSelf({ user, id })) {
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Constrains update and delete access to users that belong
|
|
* to the same tenant as the admin making the request
|
|
*
|
|
* You may want to take this a step further with a beforeChange
|
|
* hook to ensure that the admin can only remove users
|
|
* from their own tenant in the tenants array.
|
|
*/
|
|
return {
|
|
"tenants.tenant": {
|
|
in: getUserTenantIDs(user, "admin"),
|
|
},
|
|
};
|
|
};
|