fix(plugin-multi-tenant): simplified getTenantOptions function and added access control for regular users #14620
+34
−52
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ess control for regular users
Contributor
|
@AdrianMaj Im not opposed to this fix, I like it. Can we see why the test is failing? Specifically this one "should only show users assigned tenants". The other test is flakey and will pass on re-run, but I would like to figure out if the one that failed is real. |
Contributor
Author
|
Hey @JarrodMFlesch I'll check this test today and update this PR with fix, thanks! |
Contributor
Author
|
@JarrodMFlesch The multi-tenant tests are now passing, but some unrelated flaky tests are failing. While the fix should work correctly now, I think we should add an e2e test that verifies if the selector respects access control when populating options. The simplification also made some props unused - should I remove them or keep them for backward compatibility? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What?
Simplified
getTenantOptionsutility to respect access control when populating tenant selector options.Why?
Previously, the tenant selector would display all tenants that a user had in their
tenantsarray, regardless of whether they actually had read access to those tenants through the collection's access control configuration. This created a security/UX issue where users could see tenant options they couldn't actually access.The old implementation manually iterated through
user[tenantsArrayFieldName]and populated tenant IDs, bypassing Payload's access control system. This meant that even if a tenant collection had restrictivereadaccess rules, those rules weren't applied when generating selector options.How?
Removed the branching logic that differentiated between users with "access to all tenants" vs. limited access. Now, all users go through the same code path:
payload.find()call withoverrideAccess: falseand theusercontextreadaccess configurationBefore:
userHasAccessToAllTenants(user)→ fetch all tenants from DBuser[tenantsArrayFieldName], then query those specific IDsAfter:
payload.find()withoverrideAccess: falseQuestion: Should I remove the now-unused parameters (
tenantsArrayFieldName,tenantsArrayTenantFieldName,userHasAccessToAllTenants) fromgetTenantOptions, or keep them?Fixes #14051