i have a collection called players with auth enabled. when logging in, i get a user object back with fields excluded like expected by access control settings set in the collection.
however, if i call the /Me endpoint, i get a full user object back. why does this happen or is this intended?
also i noticed that by the collection unused fields are send with as well, is there an option to change this ?
1. That is interesting - @patrikkozak can you repro this?
2. Can you clarify what you mean by "unused fields" my gut feeling is you are looking for something like graphql
with unused fields i mean for example a field that was renamed but exists in the db collection. i would have assummed all properties returned fromm the db would be filtered for those that exists in the defined collection.
to reproduce have a field with a value in it, rename it ( now you have 2 , the old one and new one , old one only exists in db ) , fill that field.
now do /me or login request. fields not mentioned in the collection definition for payload will be sent with.
im filtering the responses now in hooks
When you change a field config, we do not mutate your data. It’s up to you to migrate your data to the new field if you would like - or just keep both until you are ready to write a migration script to remove the old data. This is the expected behavior from payload, nature of nosql too
im not talking about the issue of migrating data, thats besides the point. what im talking about is that, in my mind the definition of the collection in payload should decide what fields the api returns, however it returns fields that are not defined in the config but exist only in the db.. fields which exist only there, need to be specifically defined to be excluded without doing so manually in hooks
i thought the config to be inklusive for api returns, however its rather exklusive
and me endpoint seems to return even less filtered results but as mentioned, can be handled as well in hooks
Get help straight from the Payload team with an Enterprise License.