feat(db/access): improve access control with organizer or user case

Author: MFarabi619

libs/cms/auth/strategies/linkedin.ts

@@ -50,42 +50,6 @@ export const linkedinOAuth = OAuth2Plugin({
       const { id, vanityName, imageUrl } =
         await fetchLinkedInProfileData(accessToken);
 
-const existingUserByLinkedIn = await req.payload.find({
-  collection: "users",
-  where: {
-    linkedinVanity: {
-      equals: vanityName,
-    },
-  },
-  limit: 1,
-});
-
-if (existingUserByLinkedIn.docs.length > 0) {
-  const existingUser = existingUserByLinkedIn.docs[0];
-
-  await req.payload.update({
-    collection: "users",
-    id: existingUser.id,
-    data: {
-      linkedinId: id,
-      linkedinEmailVerified: user.email_verified,
-      linkedinLocale: user.locale,
-    },
-  });
-
-  return {
-    email: existingUser.email,
-    firstName: existingUser.firstName,
-    lastName: existingUser.lastName,
-    preferredDisplayName: existingUser.preferredDisplayName,
-    avatar: existingUser.avatar,
-    linkedinId: id,
-    linkedinVanity: vanityName,
-    linkedinEmailVerified: user.email_verified,
-    linkedinLocale: user.locale,
-  };
-}
-
 const existingUserByEmail = await req.payload.find({
   collection: "users",
   where: {
@@ -96,11 +60,24 @@ const existingUserByEmail = await req.payload.find({
   limit: 1,
 });
 
-let avatarId = null;
+      const hackathonResult = await req.payload.find({
+        collection: "hackathons",
+        where: { year: { equals: 2025 } },
+        pagination: false,
+      });
+
+      const hackathon = hackathonResult.docs[0] || null;
+
+      const groupResult = await req.payload.find({
+        collection: "groups",
+        where: { name: { equals: "Hacker" } },
+        pagination: false,
+      });
+
+      const group = groupResult.docs[0] || null;
 
-if (existingUserByEmail.docs.length === 0 || existingUserByEmail.docs[0].avatar === null) {
   const filename = `${user.given_name.toLowerCase()}-${user.family_name.toLowerCase()}-avatar.png`;
-  avatarId = imageUrl
+  const avatarId = imageUrl
     ? await getOrUploadMedia(
         req.payload,
         req,
@@ -109,18 +86,31 @@ if (existingUserByEmail.docs.length === 0 || existingUserByEmail.docs[0].avatar
         `${user.given_name} ${user.family_name}'s avatar`,
       )
     : null;
-}
 
-if (existingUserByEmail.docs.length === 0) {
+if (existingUserByEmail.docs.length === 0 || existingUserByEmail.docs[0].avatar === null) {
   await req.payload.sendEmail({
     to: user.email,
     subject: "Welcome to cuHacking 2025",
     html: await generateEmail(),
   });
-}
 
 return {
   email: user.email,
+  hackathons: hackathon ? hackathon.id : undefined ,
+  group: group ? group.id : undefined,
+  firstName: user.given_name,
+  lastName: user.family_name,
+  preferredDisplayName: user.name,
+  avatar: avatarId,
+  linkedinId: id,
+  linkedinVanity: vanityName,
+  linkedinEmailVerified: user.email_verified,
+  linkedinLocale: user.locale,
+};
+}
+
+return {
+  email: existingUserByEmail.docs[0].email || user.email,
   firstName: user.given_name,
   lastName: user.family_name,
   preferredDisplayName: user.name,

libs/db/access/index.ts

@@ -3,7 +3,16 @@ import type { AccessArgs, FieldHook } from 'payload'
 
 type IsAuthenticated = (args: AccessArgs<User>) => boolean
 
-export const authenticated: IsAuthenticated = ({ req }) => Boolean(req.user)
+export const authenticated: IsAuthenticated = ({ req }) => {
+  return Boolean(req.user)
+}
+
+export const anyone: IsAuthenticated = ({ req: { user } }) => {
+  if (!user) return false;
+  return {
+    id: { equals: user.id }
+  };
+};
 
 export const isSuperAdmin: IsAuthenticated = ({ req: { user } }) =>
   user?.id === 1 || user?.organizerTeam?.name === "Co-Leads";
@@ -16,14 +25,48 @@ export const adminsAndUser: IsAuthenticated = ({ req: { user } }) => {
   return { id: user.id };
 };
 
-export const isSameUser: IsAuthenticated = ({ req: { user } }) => {
+
+export const isOrganizerOrUser = ({ req: {user} }) => {
   if (!user) return false;
+  if (user){
+   if (user.organizerTeam?.name){
+     return true
+   }
   return {
-    id: { equals: user.id }
-  };
+    id: {
+      equals: user.id
+    }
+  }
+};
+}
+
+export const isSponsor = ({ req: {user} }) => {
+  if (user){
+   if (user.group.name === "Sponsor"){
+     return true
+   }
+  }
+  return false
 };
 
-export const anyone: IsAuthenticated = () => true;
+export const isMentor = ({ req: {user} }) => {
+  if (user){
+   if (user.group.name === "Mentor"){
+     return true
+   }
+  }
+  return false
+};
+
+
+export const isJudge = ({ req: {user} }) => {
+  if (user){
+   if (user.group.name === "Mentor"){
+     return true
+   }
+  }
+  return false
+};
 
 export const isOrganizer: IsAuthenticated = ({ req: { user } }) =>
   user?.group?.name === "Organizer";

libs/db/collections/models/Users.ts

@@ -5,10 +5,11 @@ import { Payload } from "payload";
 import type { CollectionConfig } from "payload";
 import {
   admins,
-  isSameUser,
+  // isSameUser,
   adminsAndUser,
   anyone,
   authenticated,
+  isOrganizer,
   isSuperAdmin,
   // checkRole
 } from "@/db/access";
@@ -257,7 +258,6 @@ const SCHOOLS = ALL_SCHOOLS.map((school) => ({
 
 export const Users: CollectionConfig = {
   slug: "users",
-  // auth: true,
   auth: {
     cookies: {
       domain: process.env.NODE_ENV === 'development' ? 'localhost' : '.cuhacking.ca',
@@ -270,16 +270,22 @@ export const Users: CollectionConfig = {
     },
   },
   access: {
-    admin: isSuperAdmin,
+    admin: isOrganizer,
     read: adminsAndUser,
     create: authenticated,
-    update: ({ req }) => isSuperAdmin({ req }) || isSameUser({ req }),
-    delete: admins,
+    update: authenticated,
+    // delete: admins,
   },
   // hooks: {
   //   afterChange: [loginAfterCreate],
   // },
   admin: {
+    // hidden: (user) => {
+    //   if (user?.id === 1){
+    //    return false
+    //   }
+    //   return user?.group?.name === "Organizer" ? false : true
+    // },
     livePreview: {
       url: `${process.env.CUHACKING_2025_PORTAL_LOCAL_URL}/profile`,
       breakpoints: [