payload-webp
payload-webp copied to clipboard
chladog
Cannot access payload-webp optimized images using query return in access control
Original-Post https://github.com/payloadcms/payload/issues/3101
If you need further information feel free to ask ;-)
Original Post from payloadcms/payload
To Reproduce
Upload images to a media collection with a relationship field (e. g. to a site) and have payload-webp installed and activated. Only allow user to read the webp files if they have a relationship to the same site and use a query constrained for checking this.
Access-configuration for my media collection:
access: { create: ****, read: hasBasicReadAccess('site'), update: ****, delete: **** },
Function "hasBasicReadAccess":
export const hasBasicReadAccess = (siteIdFieldName = 'siteId'): Access => ({
req: {
user,
},
}) => {
if (user?.isSystemAdmin) return true;
if (user) {
const userSiteIds = [];
if (user.sites && user.sites.length > 0) {
user.sites.forEach(({ site } : { site: string | Site }) => {
userSiteIds.push((typeof site === 'string') ? site : site.id);
});
}
return {
or: [
{
author: {
equals: user.id,
},
},
{
[siteIdFieldName]: {
in: userSiteIds,
},
},
],
};
}
return false;
};
Describe the Bug
I cannot access a .webp media file created by payload-webp when return a query constrain while checking read-access.
Testing it as a mongodb query using robo3t for example all is fine.
Always receiving error
Forbidden: You are not allowed to perform this action. at /home/user/payloadcms/node_modules/payload/src/auth/getExecuteStaticAccess.ts:53:17 at processTicksAndRejections (node:internal/process/task_queues:95:5)
payload-webp version: ^1.1.0
Payload Version
1.8.2
for me, this happened because I had conflicting logins. I have two collection with auth: true and it was causing the issue. If you open in incognito, this goes aways. To fix this , you can simply clear your cookies/localStorage.
