chore: restrict access for guest accounts

RawkodeAcademy · Jul 20, 2023 · 254a7ca · 254a7ca
1 parent 568eb75
commit 254a7ca
Show file tree

Hide file tree

Showing 14 changed files with 251 additions and 223 deletions.
diff --git a/projects/rawkode.academy/cms/deploy/main.ts b/projects/rawkode.academy/cms/deploy/main.ts
@@ -128,7 +128,7 @@ class MyStack extends TerraformStack {
  {
  keyVaultId: keyVault.id,
  name: "github-client-secret",
- value: process.env.OAUTH_CLIENT_SECRET || "<MISSING>",
+ value: process.env.OAUTH_CLIENT_SECRET || "",
  },
  );
 
@@ -154,8 +154,8 @@ class MyStack extends TerraformStack {
  MONGODB_URI: Fn.element(cosmosDbAccount.connectionStrings, 0),
  OAUTH_BASE_URL: process.env.OAUTH_BASE_URL || "",
  OAUTH_CLIENT_ID: process.env.OAUTH_CLIENT_ID || "",
- OAUTH_CLIENT_SECRET: `@Microsoft.KeyVault(SecretUri=${azureGitHubClientSecret.versionlessId})`,
- PAYLOAD_SECRET: `@Microsoft.KeyVault(SecretUri=${azurePayloadSecret.versionlessId})`,
+ OAUTH_CLIENT_SECRET: `@Microsoft.KeyVault(SecretUri=${azureGitHubClientSecret.id})`,
+ PAYLOAD_SECRET: `@Microsoft.KeyVault(SecretUri=${azurePayloadSecret.id})`,
  },
  });
 

diff --git a/projects/rawkode.academy/cms/src/collections/Categories.ts b/projects/rawkode.academy/cms/src/collections/Categories.ts
@@ -1,20 +1,24 @@
 import { CollectionConfig } from 'payload/types';
+import { isAdmin } from "../utilities/isAdmin";
 
 const Categories: CollectionConfig = {
- slug: 'categories',
- admin: {
- useAsTitle: 'name',
- },
- access: {
- read: () => true,
- },
- fields: [
- {
- name: 'name',
- type: 'text',
- },
- ],
- timestamps: false,
-}
+ slug: "categories",
+ admin: {
+ useAsTitle: "name",
+ },
+ access: {
+ read: () => true,
+ create: isAdmin,
+ update: isAdmin,
+ delete: isAdmin,
+ },
+ fields: [
+ {
+ name: "name",
+ type: "text",
+ },
+ ],
+ timestamps: false,
+};
 
-export default Categories;
+export default Categories;
diff --git a/projects/rawkode.academy/cms/src/collections/Posts.ts b/projects/rawkode.academy/cms/src/collections/Posts.ts
@@ -1,57 +1,61 @@
 import { CollectionConfig } from "payload/types";
+import { isAdmin } from "../utilities/isAdmin";
 import { People } from "./people";
 
 const Posts: CollectionConfig = {
- slug: "posts",
- admin: {
- defaultColumns: ["title", "author", "category", "status"],
- useAsTitle: "title",
- },
- access: {
- read: () => true,
- },
- fields: [
- {
- name: "title",
- type: "text",
- },
- {
- name: "author",
- type: "relationship",
- relationTo: People.slug,
- },
- {
- name: "publishedDate",
- type: "date",
- },
- {
- name: "category",
- type: "relationship",
- relationTo: "categories",
- },
- {
- name: "content",
- type: "richText",
- },
- {
- name: "status",
- type: "select",
- options: [
- {
- value: "draft",
- label: "Draft",
- },
- {
- value: "published",
- label: "Published",
- },
- ],
- defaultValue: "draft",
- admin: {
- position: "sidebar",
- },
- },
- ],
+ slug: "posts",
+ admin: {
+ defaultColumns: ["title", "author", "category", "status"],
+ useAsTitle: "title",
+ },
+ access: {
+ read: () => true,
+ create: isAdmin,
+ update: isAdmin,
+ delete: isAdmin,
+ },
+ fields: [
+ {
+ name: "title",
+ type: "text",
+ },
+ {
+ name: "author",
+ type: "relationship",
+ relationTo: People.slug,
+ },
+ {
+ name: "publishedDate",
+ type: "date",
+ },
+ {
+ name: "category",
+ type: "relationship",
+ relationTo: "categories",
+ },
+ {
+ name: "content",
+ type: "richText",
+ },
+ {
+ name: "status",
+ type: "select",
+ options: [
+ {
+ value: "draft",
+ label: "Draft",
+ },
+ {
+ value: "published",
+ label: "Published",
+ },
+ ],
+ defaultValue: "draft",
+ admin: {
+ position: "sidebar",
+ },
+ },
+ ],
 };
 
 export default Posts;
diff --git a/projects/rawkode.academy/cms/src/collections/media/logo.ts b/projects/rawkode.academy/cms/src/collections/media/logo.ts
@@ -1,45 +1,52 @@
 import { ImageUploadFormatOptions } from "payload/dist/uploads/types";
 import type { CollectionConfig } from "payload/types";
+import { isAdmin } from "../../utilities/isAdmin";
 
 const formatOptions: ImageUploadFormatOptions = {
  format: "webp",
 };
 
 export const Logo: CollectionConfig = {
- slug: "logo",
- upload: {
- disableLocalStorage: false,
- adminThumbnail: "thumbnail",
- imageSizes: [
- {
- name: "thumbnail",
- height: 400,
- width: 400,
- crop: "center",
- formatOptions,
- },
- {
- name: "sq960",
- width: 960,
- height: 960,
- crop: "center",
- formatOptions,
- },
- {
- name: "sq1440",
- width: 1440,
- height: 1440,
- crop: "center",
- formatOptions,
- },
- {
- name: "sq1920",
- width: 1920,
- height: 1920,
- crop: "center",
- formatOptions,
- },
- ],
- },
- fields: [],
+ slug: "logo",
+ access: {
+ read: () => true,
+ create: isAdmin,
+ update: isAdmin,
+ delete: isAdmin,
+ },
+ upload: {
+ disableLocalStorage: false,
+ adminThumbnail: "thumbnail",
+ imageSizes: [
+ {
+ name: "thumbnail",
+ height: 400,
+ width: 400,
+ crop: "center",
+ formatOptions,
+ },
+ {
+ name: "sq960",
+ width: 960,
+ height: 960,
+ crop: "center",
+ formatOptions,
+ },
+ {
+ name: "sq1440",
+ width: 1440,
+ height: 1440,
+ crop: "center",
+ formatOptions,
+ },
+ {
+ name: "sq1920",
+ width: 1920,
+ height: 1920,
+ crop: "center",
+ formatOptions,
+ },
+ ],
+ },
+ fields: [],
 };
diff --git a/projects/rawkode.academy/cms/src/collections/people/index.ts b/projects/rawkode.academy/cms/src/collections/people/index.ts
@@ -42,6 +42,8 @@ export const People: CollectionConfig = {
  position: "sidebar",
  },
  access: {
+ read: () => true,
+ create: readOnlyField,
  update: readOnlyField,
  },
  },
@@ -62,7 +64,7 @@ export const People: CollectionConfig = {
  position: "sidebar",
  },
  hasMany: false,
- defaultValue: "public",
+ defaultValue: "guest",
  required: true,
  access: {
  read: isFieldAdminOrSelf,

diff --git a/projects/rawkode.academy/cms/src/collections/shows/episodes.ts b/projects/rawkode.academy/cms/src/collections/shows/episodes.ts
@@ -1,31 +1,35 @@
 import { CollectionConfig } from 'payload/types';
+import { isAdmin } from "../../utilities/isAdmin";
 import { People } from "../people";
 import { Shows } from "./shows";
 
 export const Episodes: CollectionConfig = {
- slug: 'episodes',
- admin: {
- useAsTitle: 'name',
- },
- access: {
- read: () => true,
- },
- fields: [
- {
- name: 'name',
- type: 'text',
- },
- {
- name: "show",
- type: "relationship",
- relationTo: Shows.slug,
- },
- {
- name: "guests",
- type: "relationship",
- relationTo: People.slug,
- hasMany: true,
- }
- ],
- timestamps: false,
-}
+ slug: "episodes",
+ admin: {
+ useAsTitle: "name",
+ },
+ access: {
+ read: () => true,
+ create: isAdmin,
+ update: isAdmin,
+ delete: isAdmin,
+ },
+ fields: [
+ {
+ name: "name",
+ type: "text",
+ },
+ {
+ name: "show",
+ type: "relationship",
+ relationTo: Shows.slug,
+ },
+ {
+ name: "guests",
+ type: "relationship",
+ relationTo: People.slug,
+ hasMany: true,
+ },
+ ],
+ timestamps: false,
+};
diff --git a/projects/rawkode.academy/cms/src/collections/shows/shows.ts b/projects/rawkode.academy/cms/src/collections/shows/shows.ts
@@ -1,27 +1,31 @@
 import { CollectionConfig } from "payload/types";
-import { People } from "../people";
 import { slugField } from "../../fields/slug";
+import { isAdmin } from "../../utilities/isAdmin";
+import { People } from "../people";
 
 export const Shows: CollectionConfig = {
- slug: "shows",
- admin: {
- useAsTitle: "name",
- },
- access: {
- read: () => true,
- },
- fields: [
- {
- name: "name",
- type: "text",
- },
- {
- name: "hosts",
- type: "relationship",
- relationTo: People.slug,
- hasMany: true,
- },
- slugField(),
- ],
- timestamps: false,
+ slug: "shows",
+ admin: {
+ useAsTitle: "name",
+ },
+ access: {
+ read: () => true,
+ create: isAdmin,
+ update: isAdmin,
+ delete: isAdmin,
+ },
+ fields: [
+ {
+ name: "name",
+ type: "text",
+ },
+ {
+ name: "hosts",
+ type: "relationship",
+ relationTo: People.slug,
+ hasMany: true,
+ },
+ slugField("name"),
+ ],
+ timestamps: false,
 };