This plugin enables you to define roles based on basic permissions per collection.
✨ Roles are assigned to users to control access and manage permissions efficiently. 🚀
With this plugin, you're in full control of user roles and permissions in Payload CMS. While there is a built-in Administrator role, you can go beyond that and create custom roles tailored to your needs.
Define roles with any combination of permissions—read, write, and publish—and apply them to any collection or global within your project.
Each role you create consists of:
✅ Granular Permissions: Assign read, write, or publish permissions to collections and globals.
✅ Hierarchical Access:
- Write access automatically includes read access.
- Publish access includes both write and read access.
With this powerful system, you have complete flexibility in managing access control—ensuring the right people have the right level of control.
An administrator can assign as many permissions as they want to a role, and as many roles as they want to a user.
- Install the plugin using your Node package manager, e.g.:
pnpm add @shefing/authorization
In the payload.config.ts add the following:

    plugins: [
      ...plugins,
      addAccess({
        rolesCollection: 'roles', // name of the collection defining the roles
        permissionsField: 'permissions', // name of the field within the role collection
        excludedCollections: ['posts', 'media'], // collections to exclude from permission control
      }),
    ],

Install the roles collection (you don't have to use this collection; you can write your own roles).

    import { Roles } from '@shefing/authorization'

    collections: [...collection, Roles],

The users collection must be updated to include the following fields:

    import { userFields } from '@shefing/authorization'

    fields: [
      ...fields,
      ...userFields,
    ]

When isAdmin is enabled, the user has full access to the system, including:
✅ Read, write, and publish across all collections and globals
✅ Manage all content without restrictions
✅ Access admin-only features
This role ensures complete control over the CMS, allowing seamless content management.
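
The hierarchy (publish includes write, write includes read), multi-role assignment and isAdmin behaviour described above can be modelled as follows. This is an added example, not the plugin's own code; the Permission, Role and User shapes, the function names and the sample accounts are assumptions made for illustration.

```typescript
// Added illustration, not the plugin's source. All type shapes and names are assumptions.
type Level = 'read' | 'write' | 'publish'

// Hierarchy from the README: publish > write > read.
const RANK: Record<Level, number> = { read: 1, write: 2, publish: 3 }

interface Permission { entity: string; level: Level } // entity = collection or global slug
interface Role { name: string; permissions: Permission[] }
interface User { email: string; isAdmin?: boolean; roles: Role[] }

// Highest level a user holds on an entity across all assigned roles (null = no access).
function effectiveLevel(user: User, entity: string): Level | null {
  if (user.isAdmin) return 'publish' // isAdmin bypasses role checks entirely
  let best: Level | null = null
  for (const role of user.roles) {
    for (const p of role.permissions) {
      if (p.entity !== entity) continue
      if (best === null || RANK[p.level] > RANK[best]) best = p.level
    }
  }
  return best
}

// Deny by default: an action is allowed only if the effective level covers it.
function can(user: User, entity: string, action: Level): boolean {
  const level = effectiveLevel(user, entity)
  return level !== null && RANK[level] >= RANK[action]
}

// Access review helper: who can publish to an entity, and through which kind of grant.
function publishers(users: User[], entity: string): string[] {
  return users
    .filter((u) => can(u, entity, 'publish'))
    .map((u) => `${u.email} (${u.isAdmin ? 'isAdmin' : 'role'})`)
}

// Constructed sample data.
const editor: Role = { name: 'editor', permissions: [{ entity: 'articles', level: 'write' }] }
const releaser: Role = { name: 'releaser', permissions: [{ entity: 'articles', level: 'publish' }] }
const writer: User = { email: 'writer@example.test', roles: [editor] }
const lead: User = { email: 'lead@example.test', roles: [editor, releaser] }
const root: User = { email: 'root@example.test', isAdmin: true, roles: [] }
const users: User[] = [writer, lead, root]
```

Running a helper like `publishers` over exported role data is a quick way to review who holds the highest level on a collection and whether that comes from a role or from isAdmin.
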
When isGenerator is enabled, the user can only generate static content without consuming dependencies in the API.

    {
      name: 'belong',
      label: 'Belongs To',
      type: 'relationship',
      hasMany: true,
      relationTo: 'movies',
      index: true,
      access: {
        // Only non API users can read the field
        read: isNotGeneratorUserFieldLevel,
      }
    },