From cef864a80ecbfd67e79d86310dfd69568e5e5b1f Mon Sep 17 00:00:00 2001
From: Elliot DeNolf
Date: Sun, 3 Jan 2021 23:56:42 -0500
Subject: [PATCH] docs: add field access control and collection admin access control
---
 docs/Access-Control/collections.mdx | 14 ++++--
 docs/Access-Control/fields.mdx | 69 ++++++++++++++++++++++++++++-
 2 files changed, 79 insertions(+), 4 deletions(-)
diff --git a/docs/Access-Control/collections.mdx b/docs/Access-Control/collections.mdx
index 991eb5343c..8c63fffefc 100644
--- a/docs/Access-Control/collections.mdx
+++ b/docs/Access-Control/collections.mdx
@@ -4,7 +4,7 @@ label: Collections
 order: 20
 ---
-Collections access control is specified inside a collection config.
+Collections access control is specified with functions inside a collection config.
 ## Available Functions
@@ -34,7 +34,7 @@ module.exports = {
 ### Create
-Create access functions return a boolean result which allows/denies access
+Create access functions return a boolean result which allows/denies access to create a document
 #### Arguments
@@ -84,4 +84,12 @@ The function receives one `args` argument that contains the following properties
 ### Admin
-_TODO: Find an example of this_
+Admin access functions determine whether or not a user can access the admin UI.
+
+** Only applicable on collections that have auth **
+
+It receives one `args` argument that contains the following properties:
+
+| Option | Description |
+|-----------|-----------------------------------------------------------------------------------------------------|
+| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
diff --git a/docs/Access-Control/fields.mdx b/docs/Access-Control/fields.mdx
index 45d638660c..e4f987d6c0 100644
--- a/docs/Access-Control/fields.mdx
+++ b/docs/Access-Control/fields.mdx
@@ -4,4 +4,71 @@ label: Fields
 order: 30
 ---
-Fields
+Field access control is specified with functions inside a field's config. The functions return a boolean value to allow or deny access for the specified operation.
+
+## Available Functions
+
+| Function | Allows/Denies Access |
+| ---------- | --------------------------------------- |
+| **create** | setting a field's value on new document |
+| **read** | reading a field's value |
+| **update** | updating a field's value |
+
+```js
+// Collection config
+module.exports = {
+ slug: 'public-user',
+ fields: [
+ {
+ name: 'lockedDownField',
+ label: 'Locked Down',
+ type: 'text'
+ // highlight-start
+ access: {
+ create: () => true,
+ read: () => true,
+ update: () => true,
+ },
+ // highlight-end
+ };
+ ],
+}
+```
+
+### Create
+
+Create access functions return a boolean result which allows or denies the ability to set a field's value when creating a new document
+
+#### Arguments
+
+The function receives one `args` argument that contains the following properties:
+
+| Option | Description |
+| --------- | --------------------------------------------------------------------------------------------------- |
+| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
+
+### Read
+
+Read access functions return a boolean result which allows or denies the ability to read a field's value
+
+#### Arguments
+
+The function receives one `args` argument that contains the following properties:
+
+| Option | Description |
+| --------- | --------------------------------------------------------------------------------------------------- |
+| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
+| **`id`** | `id` of the document being read |
+
+### Update
+
+Update access functions return a boolean result which allows or denies the ability to update a field's value
+
+#### Arguments
+
+The function receives one
`args` argument that contains the following properties:
+
+| Option | Description |
+| --------- | --------------------------------------------------------------------------------------------------- |
+| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
+| **`id`** | `id` of the document being updated |