Payload Market

Warding

RBAC plugin that generates user and role collections and injects fine-grained access control across Payload collections, globals, fields, and endpoints.

Community 17 5/wk MIT v0.1.10

Installation

pnpm add payload-warding

About

Payload Warding adds role-based access control to Payload by generating a `user` collection and a `role` collection at build time. It scans every collection, global, field, and endpoint in your config and derives a unified set of features, where each feature pairs a slug with its traits (field names or endpoint paths) and verbs (create, read, update, delete). Roles are then expressed as combinations of these features, and editors assign them from the role editing page in the admin panel. The plugin wires `access` functions onto collections, globals, and individual fields. A collection's `access.create` asks for the collection slug paired with the `create` verb, while a field's `access.update` asks for the collection slug, that field's name as a trait, and the `update` verb. Endpoints get a `check` handler prepended to their handler array, with the verb inferred from the HTTP method: `post` maps to create, `get`/`head`/`options` to read, `put`/`patch` to update, and `delete` to delete. Auth collections also gain `admin` and `unlock` access checks. You can opt specific collections, globals, fields, or endpoints out of warding with `custom.warding.should = false` or per-verb `custom.warding.should.[verb] = false`. When you supply your own access function, the plugin still attaches its generated check to `req.context.warding` so you can call it yourself. A `mod` hook lets you rewrite the built collections and warden before they are returned, and an `ext` option registers custom features that do not map directly to a collection or global. On initialization the plugin can seed a `root` role carrying every privilege and a `root` user bound to it; if you skip seeding, the first user created through the create-first-user page is bound to the root role automatically. The default options support English and Chinese labels, and the plugin targets Payload 2.x (`payload: ^2.1.0`).

Package info

Package name
payload-warding
Latest version
0.1.10
Unpacked size
127 kB
License
MIT
Weekly downloads
5
Last publish
Nov 14, 2023

More from sinloss

View profile

S3 Upload

Routes Payload CMS upload collections to Amazon S3, pushing the original file and every image size variant.

70 534/wk v1 Storage

Similar plugins

More in Auth

Google One Tap

Adds Google One Tap sign-in to the Payload admin login page using OAuth credentials.

13 15/wk v1 Auth

Default Roles

Applies default role-based access control to every Payload collection, granting CRUD access to specified roles such as admin and executive.

9 13/wk v1 Auth

Simple RBAC

Enables role-based access control in Payload CMS.

42 24/wk v1 Auth

Magic Login

A Magic Login plugin for Payload CMS that simplifies user authentication.

3 18/wk v2 Auth

RBAC

Adds role-based access control to your Payload CMS.

140 74/wk v1 Auth

reCAPTCHA v3

This plugin protects Payload collection operations using Google reCAPTCHA v3.

35 96/wk v3 Auth