Simplify your stack and build anything. Or everything.

USE CASES

Headless CMS Enterprise App Builder Headless E-Commerce Digital Asset Management

FEATURES

Multi-Tenancy White Label Localization Access Control Auth

CASE STUDIES

See what others are building with Payload.

Browse Case Studies

Build tomorrow’s web with a modern solution you truly own.

PAYLOAD IS FOR

Developers Marketing teams Enterprise companies Agencies & Consultancies

COMPARE PAYLOAD

Payload vs WordPress Payload vs Contentful Payload vs Sanity Payload vs Strapi Payload vs Directus

AGENCY TESTIMONIAL

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Become a Partner Find a Partner

Code-based nature means you can build on top of it to power anything.

Resources

Documentation Examples Templates GitHub Releases Blog Guides & Tutorials

Community

Roadmap Discord Community Help

Resources for Developers

Get the resources you need to start building today

Guides & Tutorials Explore Docs

It’s time to take back your content infrastructure.

Schedule a Demo

Enterprise Features

SSO AI Auto-Embedding Publishing Workflows Visual Editor Static A/B testing AI features

Customer Stories

Microsoft ASICS Blue Origin Hello Bello Tekton

Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case study Browse all

Community Help

Access for users does not work in v3

ratiu5last year

Maybe I'm doing something wrong, but I can't seem to get the access restrictions to work. I copied over this code from v2 (slightly modified):

{
  access: {
    admin: ({ req: { user } }) => user?.role === "super",
    create: () => false,
    delete: () => false,
  },
  // ...
}

I get an error saying that

req

is undefined. No idea how the callback is being called and with what arguments. Is this a bug? Let me know if you need more info.

notchrlast year
Hmm

If you do like
admin: (data) =>
and log data, what is the value/

Curious to see if the req shape is different

ratiu5last year

I get the following, with some info redacted:

{
  payload: <ref *1> BasePayload {
    authStrategies: [ [Object] ],
    collections: {
      users: [Object],
      'payload-preferences': [Object],
      'payload-migrations': [Object]
    },
    config: {
      ...
    },
    create: [AsyncFunction: create],
    db: {
      ...
    },
    decrypt: [Function: decrypt],
    duplicate: [AsyncFunction: duplicate],
    email: Promise {
      ...
    },
    emailOptions: { fromAddress: 'info@payloadcms.com', fromName: 'Payload' },
    encrypt: [Function: encrypt],
    extensions: undefined,
    find: [AsyncFunction: find],
    findByID: [AsyncFunction: findByID],
    findGlobal: [AsyncFunction: findGlobal],
    findGlobalVersionByID: [AsyncFunction: findGlobalVersionByID],
    findGlobalVersions: [AsyncFunction: findGlobalVersions],
    findVersionByID: [AsyncFunction: findVersionByID],
    findVersions: [AsyncFunction: findVersions],
    forgotPassword: [AsyncFunction: forgotPassword],
    getAPIURL: [Function: getAPIURL],
    getAdminURL: [Function: getAdminURL],
    globals: { config: [] },
    logger: EventEmitter {
      ...
    },
    login: [AsyncFunction: login],
    resetPassword: [AsyncFunction: resetPassword],
    restoreGlobalVersion: [AsyncFunction: restoreGlobalVersion],
    restoreVersion: [AsyncFunction: restoreVersion],
    schema: undefined,
    secret: 'dd4cf5ac6a674a17948ce72497c8e562',
    sendEmail: [Function: bound sendEmail] AsyncFunction,
    types: undefined,
    unlock: [AsyncFunction: unlock],
    updateGlobal: [AsyncFunction: updateGlobal],
    validationRules: undefined,
    verifyEmail: [AsyncFunction: verifyEmail],
    versions: {}
  },
  user: {
    id: 1,
    name: null,
    role: 'super',
    updatedAt: '2024-04-02T15:12:41.962Z',
    createdAt: '2024-04-02T15:12:41.962Z',
    email: '...',
    loginAttempts: 0,
    collection: 'users',
    _strategy: 'local-jwt'
  }
}

If you need the full output, let me know. I thought this amount would be enough to get an idea of the structure.

notchrlast year
ah so that's your
req
object

because it has req.payload

req.user

etc
```
  access: {
    admin: (req) => req.user?.role === "super",
    create: () => false,
    delete: () => false,
  },
```
I'm guessing that works, without the destruction

or uh...destructuring?
ratiu5last year
Was this a change from v2.0 to v3.0?

And that did do the trick, thanks.

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.