53 lines
1.7 KiB
Plaintext
53 lines
1.7 KiB
Plaintext
---
|
|
title: Globals Access Control
|
|
label: Globals
|
|
order: 40
|
|
desc: Global-level Access Control is specified within each Global's `access` property and allows you to define which users can read or update Globals.
|
|
keywords: globals, access control, permissions, documentation, Content Management System, cms, headless, javascript, node, react, express
|
|
---
|
|
|
|
You can define Global-level Access Control within each Global's `access` property. All Access Control functions accept one `args` argument.
|
|
|
|
**Available argument properties:
|
|
|
|
## Available Controls
|
|
|
|
| Function | Allows/Denies Access |
|
|
| ------------------------ | -------------------- |
|
|
| **[`read`](#read)** | Used in the `findOne` Global operation |
|
|
| **[`update`](#update)** | Used in the `update` Global operation |
|
|
|
|
**Example Global config:**
|
|
```js
|
|
export default {
|
|
slug: "header",
|
|
// highlight-start
|
|
access: {
|
|
read: ({ req: { user } }) => { ... },
|
|
update: ({ req: { user } }) => { ... },
|
|
},
|
|
// highlight-end
|
|
};
|
|
```
|
|
|
|
### Read
|
|
|
|
Returns a boolean result or optionally a [query constraint](/docs/queries/overview) which limits who can read this global based on its current properties.
|
|
|
|
**Available argument properties:**
|
|
|
|
| Option | Description |
|
|
| --------- | ----------- |
|
|
| **`req`** | The Express `request` object containing the currently authenticated `user` |
|
|
|
|
### Update
|
|
|
|
Returns a boolean result or optionally a [query constraint](/docs/queries/overview) which limits who can update this global based on its current properties.
|
|
|
|
**Available argument properties:**
|
|
|
|
| Option | Description |
|
|
| ---------- | ----------- |
|
|
| **`req`** | The Express `request` object containing the currently authenticated `user` |
|
|
| **`data`** | The data passed to update the global with. |
|