Fixing error for playwright usage

packages/authorization/src/access/general.ts

@@ -7,12 +7,14 @@ const PERMISSION_HIERARCHY: Record<string, string[]> = {
   read: ['read'],
 };
 
+// Returns true if user has action access to the collection, and (if fieldName provided) to the field
 export const canUserAccessAction = async (
   user: User | null | undefined,
   slugName: string,
   action: string,
   payload: Payload,
   config: AuthorizationPluginConfig,
+  fieldName?: string
 ): Promise<boolean> => {
   if (!user) return false;
 
@@ -29,18 +31,32 @@ export const canUserAccessAction = async (
 
   if (!roles.docs || roles.docs.length === 0) return false;
 
-  const userAllowedActions = new Set<string>();
+  let hasCollectionAccess = false;
+  let hasFieldAccess = !fieldName; // If no fieldName, default to true
 
   for (const role of roles.docs) {
     const permissions = role[config.permissionsField];
     if (permissions) {
       for (const permission of permissions) {
         if (permission.entity.includes(slugName)) {
-          userAllowedActions.add(permission.type);
-          PERMISSION_HIERARCHY[permission.type]?.forEach((perm) => userAllowedActions.add(perm));
+          // Check action
+          if (
+            (Array.isArray(permission.type) && permission.type.includes(action)) ||
+            permission.type === action
+          ) {
+            hasCollectionAccess = true;
+            // Field-level check
+            if (fieldName) {
+              if (!permission.fields || permission.fields.length === 0) {
+                hasFieldAccess = true; // No fields specified = all fields allowed
+              } else if (permission.fields.includes(fieldName)) {
+                hasFieldAccess = true;
+              }
+            }
+          }
         }
       }
     }
   }
-  return userAllowedActions.has(action);
+  return hasCollectionAccess && hasFieldAccess;
 };

packages/authorization/src/collection/Roles.ts

@@ -1,6 +1,7 @@
 import type { CollectionConfig } from 'payload';
-import { isAdmin, isAdminFieldLevel } from '../access/isAdmin';
-import { isAdminOrSelf } from '../access/isAdminOrSelf';
+import { isAdmin, isAdminFieldLevel } from '../access/isAdmin.js';
+import { isAdminOrSelf } from '../access/isAdminOrSelf.js';
+
 export const Roles: CollectionConfig = {
   slug: 'roles',
   labels: {
@@ -83,7 +84,7 @@ export const Roles: CollectionConfig = {
               options: [],
               required: true,
               admin: {
-                width: '70%',
+                width: '40%',
               },
               localized: true,
             },
@@ -124,6 +125,20 @@ export const Roles: CollectionConfig = {
               },
               localized: true,
             },
+            {
+              name: 'fields',
+              label: {
+                en: 'Fields (optional)',
+                he: 'שדות (אופציונלי)',
+              },
+              type: 'text',
+              hasMany: true,
+              admin: {
+                width: '30%',
+                description: 'Restrict this permission to specific fields (leave empty for all fields)',
+              },
+              localized: true,
+            },
           ],
         },
       ],

packages/authorization/src/index.ts

@@ -3,9 +3,9 @@ import { hasAccessToAction } from './utilities/hasAccessToAction.js';
 import { ensurePath } from './utilities/ensurePath.js';
 import { populateOptions } from './fields/populateOptions.js';
 import { AuthorizationPluginConfig } from './types.js';
-export * from "./access/isAdmin";
-export * from "./access/isAdminOrSelf";
-export * from "./access/isLoggedIn";
+export * from "./access/isAdmin.js";
+export * from "./access/isAdminOrSelf.js";
+export * from "./access/isLoggedIn.js";
 export * from './collection/Roles.js';
 export * from './fields/userFields.js';
 export { default as userFields } from './fields/userFields.js';

packages/authorization/src/types.ts

@@ -1,5 +1,12 @@
 import { CollectionSlug } from 'payload';
 
+
+export type FieldLevelPermission = {
+  entity: string[];
+  type: string[];
+  fields?: string[]; // List of allowed fields for this permission
+};
+
 export type AuthorizationPluginConfig = {
   rolesCollection?: string;
   permissionsField?: string;