Warding
RBAC plugin that generates user and role collections and injects fine-grained access control across Payload collections, globals, fields, and endpoints.
Installation
pnpm add payload-warding About
Payload Warding adds role-based access control to Payload by generating a `user` collection and a `role` collection at build time. It scans every collection, global, field, and endpoint in your config and derives a unified set of features, where each feature pairs a slug with its traits (field names or endpoint paths) and verbs (create, read, update, delete). Roles are then expressed as combinations of these features, and editors assign them from the role editing page in the admin panel. The plugin wires `access` functions onto collections, globals, and individual fields. A collection's `access.create` asks for the collection slug paired with the `create` verb, while a field's `access.update` asks for the collection slug, that field's name as a trait, and the `update` verb. Endpoints get a `check` handler prepended to their handler array, with the verb inferred from the HTTP method: `post` maps to create, `get`/`head`/`options` to read, `put`/`patch` to update, and `delete` to delete. Auth collections also gain `admin` and `unlock` access checks. You can opt specific collections, globals, fields, or endpoints out of warding with `custom.warding.should = false` or per-verb `custom.warding.should.[verb] = false`. When you supply your own access function, the plugin still attaches its generated check to `req.context.warding` so you can call it yourself. A `mod` hook lets you rewrite the built collections and warden before they are returned, and an `ext` option registers custom features that do not map directly to a collection or global. On initialization the plugin can seed a `root` role carrying every privilege and a `root` user bound to it; if you skip seeding, the first user created through the create-first-user page is bound to the root role automatically. The default options support English and Chinese labels, and the plugin targets Payload 2.x (`payload: ^2.1.0`).
Package info
- Package name
payload-warding- Latest version
0.1.10- Unpacked size
- 127 kB
- License
- MIT
- Weekly downloads
- 5
- Last publish
- Nov 14, 2023
More from sinloss
View profilereCAPTCHA v3
This plugin protects Payload collection operations using Google reCAPTCHA v3.
TOTP
Add an extra layer of security with Time-based One-time Passwords (TOTP).
Code Block Feature
Lexical feature for Payload CMS that adds syntax-highlighted code blocks with a language picker and copy button.
Similar plugins
More in AuthSimple RBAC
Enables role-based access control in Payload CMS.
Magic Login
A Magic Login plugin for Payload CMS that simplifies user authentication.
RBAC
Adds role-based access control to your Payload CMS.
OIDC plugin
Integrate OpenID Connect authentication into Payload CMS.
Gatekeeper
Adds role-based access control to Payload CMS v3 with wildcard permissions, auto-generated permissions per collection, and a managed Roles collection.