debug: add 403 interceptors to find which operation fails

2026-03-17 15:04:14 +00:00 · 2026-02-25 13:11:55 +00:00 · 2026-02-25 13:11:55 +00:00 · 26ceccbfb9
commit 26ceccbfb9
parent 06999b2bd7
2 changed files with 47 additions and 2 deletions
--- a/src/globals/SEOSettings.ts
+++ b/src/globals/SEOSettings.ts
@ -18,9 +18,17 @@ export const SEOSettings: GlobalConfig = {
  },
  access: {
    // Alle angemeldeten Benutzer können lesen
-    read: ({ req: { user } }) => Boolean(user),
+    read: ({ req: { user } }) => {
+      const result = Boolean(user)
+      if (!result) console.log('[DEBUG:SEO] read ACCESS DENIED - no user')
+      return result
+    },
    // Nur Super Admins können bearbeiten
-    update: ({ req: { user } }) => Boolean(user?.isSuperAdmin),
+    update: ({ req: { user } }) => {
+      const result = Boolean(user?.isSuperAdmin)
+      console.log('[DEBUG:SEO] update access:', { email: user?.email, isSuperAdmin: user?.isSuperAdmin, result })
+      return result
+    },
  },
  fields: [
    // === META DEFAULTS ===
--- a/src/payload.config.ts
+++ b/src/payload.config.ts
@ -131,6 +131,43 @@ const filename = fileURLToPath(import.meta.url)
 const dirname = path.dirname(filename)

 export default buildConfig({
+  // DEBUG: Log all API requests that result in 403
+  onInit: async (payload) => {
+    const originalFindGlobal = payload.findGlobal.bind(payload)
+    payload.findGlobal = async (args: Parameters<typeof payload.findGlobal>[0]) => {
+      try {
+        return await originalFindGlobal(args)
+      } catch (err: unknown) {
+        if (err && typeof err === 'object' && 'status' in err && (err as { status: number }).status === 403) {
+          console.log('[DEBUG:403] Global read FORBIDDEN:', { slug: args.slug, user: args.req?.user?.email || 'no user' })
+        }
+        throw err
+      }
+    }
+    const originalUpdate = payload.update.bind(payload)
+    payload.update = async (args: Parameters<typeof payload.update>[0]) => {
+      try {
+        return await originalUpdate(args)
+      } catch (err: unknown) {
+        if (err && typeof err === 'object' && 'status' in err && (err as { status: number }).status === 403) {
+          console.log('[DEBUG:403] Collection update FORBIDDEN:', { collection: args.collection, id: args.id, user: args.req?.user?.email || 'no user' })
+        }
+        throw err
+      }
+    }
+    const originalUpdateGlobal = payload.updateGlobal.bind(payload)
+    payload.updateGlobal = async (args: Parameters<typeof payload.updateGlobal>[0]) => {
+      try {
+        return await originalUpdateGlobal(args)
+      } catch (err: unknown) {
+        if (err && typeof err === 'object' && 'status' in err && (err as { status: number }).status === 403) {
+          console.log('[DEBUG:403] Global update FORBIDDEN:', { slug: args.slug, user: args.req?.user?.email || 'no user' })
+        }
+        throw err
+      }
+    }
+    console.log('[DEBUG] 403 interceptors installed')
+  },
  serverURL: process.env.PAYLOAD_PUBLIC_SERVER_URL || 'https://pl.porwoll.tech',
  admin: {
    user: Users.slug,