tabshift/payload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
85658c7017cb7dccc985fa5086454d8915987618
payload/docs/Access-Control/collections.mdx
Elliot DeNolf 5eca243af9 docs: rough collection access control
2021-01-03 00:14:41 -05:00

88 lines
3.3 KiB
Plaintext
Raw Blame History

---
title: Collection Access Control
label: Collections
order: 20
---
Collections access control is specified inside a collection config.
## Available Functions
| Function | Allows/Denies Access |
|--------------|-------------------------------------------|
| **create** | creating a collection document |
| **read** | reading a collection document |
| **update** | updating a collection document |
| **delete** | deleting a collection document |
| **admin** | viewing collection in the admin interface |
```js
// Collection config
module.exports = {
slug: 'public-user',
// highlight-start
access: {
create: () => true,
read: () => true,
update: () => true,
delete: () => true,
admin: () => true,
},
// highlight-end
}
```
### Create
Create access functions return a boolean result which allows/denies access
#### Arguments
The function receives one `args` argument that contains the following properties:
| Option | Description |
|-----------|-----------------------------------------------------------------------------------------------------|
| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
### Read
Read access functions can return a boolean result or optionally return a [where constraint](/docs/queries/overview).
#### Arguments
The function receives one `args` argument that contains the following properties:
| Option | Description |
|-----------|-----------------------------------------------------------------------------------------------------|
| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
| **`id`** | `id` of document requested. Value is `undefined` if not querying for specific ID |
### Update
Update access functions can return a boolean result or optionally return a [where constraint](/docs/queries/overview).
#### Arguments
The function receives one `args` argument that contains the following properties:
| Option | Description |
|-----------|-----------------------------------------------------------------------------------------------------|
| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
### Delete
Delete access functions can return a boolean result or optionally return a [where constraint](/docs/queries/overview).
#### Arguments
The function receives one `args` argument that contains the following properties:
| Option | Description |
|-----------|-----------------------------------------------------------------------------------------------------|
| **`req`** | The Express `request` object with additional `user` property, which is the currently logged in user |
| **`id`** | `id` of the document being deleted |
### Admin
_TODO: Find an example of this_
Reference in New Issue View Git Blame Copy Permalink