Add access control

Author: paulpopus

demo/src/payload.config.ts

@@ -53,6 +53,9 @@ export default buildConfig({
   plugins: [
     payloadDashboardAnalytics({
       provider: plausibleProvider,
+      access: (user: any) => {
+        return Boolean(user);
+      },
       navigation: {
         afterNavLinks: [
           {

src/index.ts

@@ -24,7 +24,7 @@ const payloadDashboardAnalytics =
   (incomingConfig: DashboardAnalyticsConfig) =>
   (config: PayloadConfig): PayloadConfig => {
     const { admin, collections, globals } = config;
-    const { provider, navigation, dashboard } = incomingConfig;
+    const { provider, navigation, dashboard, access } = incomingConfig;
     const endpoints = config.endpoints ?? [];
     const apiProvider = getProvider(provider);
 
@@ -71,12 +71,12 @@ const payloadDashboardAnalytics =
       },
       endpoints: [
         ...endpoints,
-        getGlobalAggregate(apiProvider),
-        getGlobalChart(apiProvider),
-        getPageChart(apiProvider),
-        getPageAggregate(apiProvider),
-        getLive(apiProvider),
-        getReport(apiProvider),
+        getGlobalAggregate(apiProvider, access),
+        getGlobalChart(apiProvider, access),
+        getPageChart(apiProvider, access),
+        getPageAggregate(apiProvider, access),
+        getLive(apiProvider, access),
+        getReport(apiProvider, access),
       ],
       ...(collections && {
         collections: collections.map((collection) => {

src/providers/plausible/client.ts

@@ -71,7 +71,7 @@ function client(provider: PlausibleProvider, options: ClientOptions) {
     propertiesMap: PropertyMap,
     fetch: async (customUrl?: string) => {
       const fetchUrl = customUrl ?? url.toString();
-      console.log("fetching with", url.toString());
+
       return await fetch(fetchUrl, {
         method: "get",
         headers: new Headers({

src/routes/getGlobalAggregate/handler.ts

@@ -1,11 +1,24 @@
-import { Endpoint } from "payload/config";
-import { ApiProvider } from "../../providers";
+import type { Endpoint } from "payload/config";
+import type { ApiProvider } from "../../providers";
+import type { AccessControl } from "../../types";
 
-const handler = (provider: ApiProvider) => {
+const handler = (provider: ApiProvider, access?: AccessControl) => {
   const handler: Endpoint["handler"] = async (req, res, next) => {
-    const { payload } = req;
+    const { payload, user } = req;
     const { timeframe, metrics } = req.body;
 
+    if (access) {
+      const accessControl = access(user);
+
+      if (!accessControl) {
+        payload.logger.error("📊 Analytics API: Request fails access control.");
+        res
+          .status(500)
+          .send("Request fails access control. Are you authenticated?");
+        return next();
+      }
+    }
+
     if (!metrics) {
       payload.logger.error("📊 Analytics API: Missing metrics argument.");
       res.status(500).send("Missing metrics argument.");

src/routes/getGlobalAggregate/index.ts

@@ -1,12 +1,16 @@
-import { Endpoint } from "payload/config";
+import type { Endpoint } from "payload/config";
+import type { ApiProvider } from "../../providers";
+import type { AccessControl } from "../../types";
 import handler from "./handler";
-import { ApiProvider } from "../../providers";
 
-const getGlobalAggregate = (provider: ApiProvider): Endpoint => {
+const getGlobalAggregate = (
+  provider: ApiProvider,
+  access?: AccessControl
+): Endpoint => {
   return {
     path: "/analytics/globalAggregate",
     method: "post",
-    handler: handler(provider),
+    handler: handler(provider, access),
   };
 };
 

src/routes/getGlobalChart/handler.ts

@@ -1,11 +1,24 @@
-import { Endpoint } from "payload/config";
-import { ApiProvider } from "../../providers";
+import type { Endpoint } from "payload/config";
+import type { ApiProvider } from "../../providers";
+import type { AccessControl } from "../../types";
 
-const handler = (provider: ApiProvider) => {
+const handler = (provider: ApiProvider, access?: AccessControl) => {
   const handler: Endpoint["handler"] = async (req, res, next) => {
-    const { payload } = req;
+    const { payload, user } = req;
     const { timeframe, metrics } = req.body;
 
+    if (access) {
+      const accessControl = access(user);
+
+      if (!accessControl) {
+        payload.logger.error("📊 Analytics API: Request fails access control.");
+        res
+          .status(500)
+          .send("Request fails access control. Are you authenticated?");
+        return next();
+      }
+    }
+
     if (!metrics) {
       payload.logger.error("📊 Analytics API: Missing metrics argument.");
       res.status(500).send("Missing metrics argument.");

src/routes/getGlobalChart/index.ts

@@ -1,12 +1,16 @@
-import { Endpoint } from "payload/config";
+import type { Endpoint } from "payload/config";
+import type { ApiProvider } from "../../providers";
+import type { AccessControl } from "../../types";
 import handler from "./handler";
-import { ApiProvider } from "../../providers";
 
-const getGlobalChart = (provider: ApiProvider): Endpoint => {
+const getGlobalChart = (
+  provider: ApiProvider,
+  access?: AccessControl
+): Endpoint => {
   return {
     path: "/analytics/globalChart",
     method: "post",
-    handler: handler(provider),
+    handler: handler(provider, access),
   };
 };
 

src/routes/getLive/handler.ts

@@ -1,9 +1,22 @@
-import { Endpoint } from "payload/config";
-import { ApiProvider } from "../../providers";
+import type { Endpoint } from "payload/config";
+import type { ApiProvider } from "../../providers";
+import type { AccessControl } from "../../types";
 
-const handler = (provider: ApiProvider) => {
+const handler = (provider: ApiProvider, access?: AccessControl) => {
   const handler: Endpoint["handler"] = async (req, res, next) => {
-    const { payload } = req;
+    const { payload, user } = req;
+
+    if (access) {
+      const accessControl = access(user);
+
+      if (!accessControl) {
+        payload.logger.error("📊 Analytics API: Request fails access control.");
+        res
+          .status(500)
+          .send("Request fails access control. Are you authenticated?");
+        return next();
+      }
+    }
 
     try {
       const data = await provider.getLiveData({});

src/routes/getLive/index.ts

@@ -1,12 +1,13 @@
-import { Endpoint } from "payload/config";
+import type { Endpoint } from "payload/config";
+import type { ApiProvider } from "../../providers";
+import type { AccessControl } from "../../types";
 import handler from "./handler";
-import { ApiProvider } from "../../providers";
 
-const getLive = (provider: ApiProvider): Endpoint => {
+const getLive = (provider: ApiProvider, access?: AccessControl): Endpoint => {
   return {
     path: "/analytics/live",
     method: "post",
-    handler: handler(provider),
+    handler: handler(provider, access),
   };
 };
 

src/routes/getPageAggregate/handler.ts

@@ -1,12 +1,25 @@
 import type { Endpoint } from "payload/config";
-import { ApiProvider } from "../../providers";
+import type { ApiProvider } from "../../providers";
 import type { AggregateData } from "../../types/data";
+import type { AccessControl } from "../../types";
 
-const handler = (provider: ApiProvider) => {
+const handler = (provider: ApiProvider, access?: AccessControl) => {
   const handler: Endpoint["handler"] = async (req, res, next) => {
-    const { payload } = req;
+    const { payload, user } = req;
     const { timeframe, metrics, pageId } = req.body;
 
+    if (access) {
+      const accessControl = access(user);
+
+      if (!accessControl) {
+        payload.logger.error("📊 Analytics API: Request fails access control.");
+        res
+          .status(500)
+          .send("Request fails access control. Are you authenticated?");
+        return next();
+      }
+    }
+
     if (!metrics) {
       payload.logger.error("📊 Analytics API: Missing metrics argument.");
       res.status(500).send("Missing metrics argument.");