diff --git a/packages/core/src/lib/core/mutations/access-control.ts b/packages/core/src/lib/core/mutations/access-control.ts index b8b590307f1..ae361181601 100644 --- a/packages/core/src/lib/core/mutations/access-control.ts +++ b/packages/core/src/lib/core/mutations/access-control.ts @@ -216,55 +216,55 @@ async function enforceFieldLevelAccessControl({ } } -export async function getAccessControlledItemForUpdate( +export async function applyAccessControlForCreate( list: InitialisedList, context: KeystoneContext, - uniqueWhere: UniquePrismaFilter, - accessFilters: boolean | InputFilter, - inputData: Record + inputData: Record ) { - // apply filter access control - throws accessDeniedError on item not found - const item = await getFilteredItem(list, context, uniqueWhere!, accessFilters, 'update'); - await enforceListLevelAccessControl({ context, - operation: 'update', + operation: 'create', list, inputData, - item, + item: undefined, }); await enforceFieldLevelAccessControl({ context, - operation: 'update', + operation: 'create', list, inputData, - item, + item: undefined, }); - - return item; } -export async function applyAccessControlForCreate( +export async function getAccessControlledItemForUpdate( list: InitialisedList, context: KeystoneContext, - inputData: Record + uniqueWhere: UniquePrismaFilter, + accessFilters: boolean | InputFilter, + inputData: Record ) { + // apply filter access control - throws accessDeniedError on item not found + const item = await getFilteredItem(list, context, uniqueWhere!, accessFilters, 'update'); + await enforceListLevelAccessControl({ context, - operation: 'create', + operation: 'update', list, inputData, - item: undefined, + item, }); await enforceFieldLevelAccessControl({ context, - operation: 'create', + operation: 'update', list, inputData, - item: undefined, + item, }); + + return item; } export async function getAccessControlledItemForDelete(