Gatekeeper

About

Payload Gatekeeper is an access control plugin for Payload CMS v3 that adds role-based authorization across collections. It creates a managed Roles collection where administrators define roles as lists of permission strings, then attaches a role relationship field to the user collections you choose. Permissions follow a dotted namespace convention such as `users.read` or `media.*`, with `*` matching everything, so a super admin role can be expressed as a single wildcard. The plugin generates the full permission set for every collection automatically, so you do not hand-maintain a permission registry. It also separates UI visibility from CRUD access: a `collection.manage` permission controls whether the collection appears in the admin panel, while `collection.read|create|update|delete` govern the data operations. Non-authenticated requests fall back to a configurable public role that defaults to read access on non-auth collections, and auth collections like users are always protected from public access regardless of the public role settings. Configuration is per collection. You can place the role field in a named tab, the sidebar, or a numeric position, set a default role for new signups, and have the first user in an admin collection automatically receive the `super_admin` role. Roles can be marked `protected` to prevent edits, scoped with `visibleFor` so they only appear on relevant user collections, and synced on init during development or when explicitly enabled. Custom application permissions such as `event-management.export` can be registered alongside the generated ones and are organized into groups in the role editor. The plugin targets Payload v3 with React 19 and ships dual ESM/CJS builds. It does not enforce row-level ownership, so patterns like "users can only edit their own profile" need separate handling. Permission checks can be skipped entirely via a config flag, which is useful for seeding and migration runs.

Package info

Package name

payload-gatekeeper

Latest version

1.1.0

Unpacked size

404 kB

License

MIT

Weekly downloads

112

Last publish

Aug 18, 2025