feat: exposes data arg within create and update access control

jmikrut · jmikrut · commit 73f418bb5cad · 2022-03-08T14:42:47.000-05:00
diff --git a/docs/access-control/collections.mdx b/docs/access-control/collections.mdx
@@ -48,9 +48,10 @@ Returns a boolean which allows/denies access to the `create` request.
 
 **Available argument properties :**
 
-| Option    | Description |
-| --------- | ----------- |
-| **`req`** | The Express `request` object containing the currently authenticated `user` |
+| Option     | Description |
+| ---------- | ----------- |
+| **`req`**  | The Express `request` object containing the currently authenticated `user` |
+| **`data`** | The data passed to create the document with. |
 
 ### Read
 
@@ -69,10 +70,11 @@ Update access functions can return a boolean result or optionally return a [quer
 
 **Available argument properties :**
 
-| Option    | Description |
-| --------- | ----------- |
-| **`req`** | The Express `request` object containing the currently authenticated `user` |
-| **`id`**  | `id` of document requested to update |
+| Option     | Description |
+| ---------- | ----------- |
+| **`req`**  | The Express `request` object containing the currently authenticated `user` |
+| **`id`**   | `id` of document requested to update |
+| **`data`** | The data passed to update the document with. |
 
 ### Delete
 
diff --git a/docs/access-control/globals.mdx b/docs/access-control/globals.mdx
@@ -46,6 +46,7 @@ Returns a boolean result or optionally a [query constraint](/docs/queries/overvi
 
 **Available argument properties:**
 
-| Option    | Description |
-| --------- | ----------- |
-| **`req`** | The Express `request` object containing the currently authenticated `user` |
+| Option     | Description |
+| ---------- | ----------- |
+| **`req`**  | The Express `request` object containing the currently authenticated `user` |
+| **`data`** | The data passed to update the global with. |
diff --git a/src/collections/operations/create.ts b/src/collections/operations/create.ts
@@ -67,7 +67,7 @@ async function create(this: Payload, incomingArgs: Arguments): Promise<Document>
   // /////////////////////////////////////
 
   if (!overrideAccess) {
-    await executeAccess({ req }, collectionConfig.access.create);
+    await executeAccess({ req, data }, collectionConfig.access.create);
   }
 
   // /////////////////////////////////////
diff --git a/src/collections/operations/update.ts b/src/collections/operations/update.ts
@@ -64,6 +64,8 @@ async function update(this: Payload, incomingArgs: Arguments): Promise<Document>
     autosave = false,
   } = args;
 
+  let { data } = args;
+
   if (!id) {
     throw new APIError('Missing ID of document to update.', httpStatus.BAD_REQUEST);
   }
@@ -74,7 +76,7 @@ async function update(this: Payload, incomingArgs: Arguments): Promise<Document>
   // Access
   // /////////////////////////////////////
 
-  const accessResults = !overrideAccess ? await executeAccess({ req, id }, collectionConfig.access.update) : true;
+  const accessResults = !overrideAccess ? await executeAccess({ req, id, data }, collectionConfig.access.update) : true;
   const hasWherePolicy = hasWhereAccessResult(accessResults);
 
   // /////////////////////////////////////
@@ -120,8 +122,6 @@ async function update(this: Payload, incomingArgs: Arguments): Promise<Document>
     showHiddenFields,
   });
 
-  let { data } = args;
-
   // /////////////////////////////////////
   // Upload and resize potential files
   // /////////////////////////////////////
diff --git a/src/globals/operations/update.ts b/src/globals/operations/update.ts
@@ -26,13 +26,15 @@ async function update<T extends TypeWithID = any>(this: Payload, args): Promise<
     autosave,
   } = args;
 
+  let { data } = args;
+
   const shouldSaveDraft = Boolean(draftArg && globalConfig.versions.drafts);
 
   // /////////////////////////////////////
   // 1. Retrieve and execute access
   // /////////////////////////////////////
 
-  const accessResults = !overrideAccess ? await executeAccess({ req }, globalConfig.access.update) : true;
+  const accessResults = !overrideAccess ? await executeAccess({ req, data }, globalConfig.access.update) : true;
 
   // /////////////////////////////////////
   // Retrieve document
@@ -84,8 +86,6 @@ async function update<T extends TypeWithID = any>(this: Payload, args): Promise<
     showHiddenFields,
   });
 
-  let { data } = args;
-
   // /////////////////////////////////////
   // beforeValidate - Fields
   // /////////////////////////////////////

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ async function create(this: Payload, incomingArgs: Arguments): Promise<Document>`
`67`	`67`	`// /////////////////////////////////////`
`68`	`68`
`69`	`69`	`if (!overrideAccess) {`
`70`		`- await executeAccess({ req }, collectionConfig.access.create);`
	`70`	`+ await executeAccess({ req, data }, collectionConfig.access.create);`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`// /////////////////////////////////////`