Differentiate admin queryset and api

ngurajeka

4 months ago

I have a collection "blog_posts", this collection contains data from each user by a field created_by which a relationship to users collection.

On the frontend, the users will only see their blog post (filtered by created_by and req.user.id).

But in the admin panel, i want that the superadmin to be able to see all of the posts.

Also, when the superadmin access it from the frontend it will behave as a regular user.

Can we achieve this in payload cms?

We've been playing with the

collection.access.read

but it seems the last requirement seems hard to implement, or am i missing something? is there anyway that we can differentiate the request from admin or the frontend?

jarrod69420
4 months ago
Can you use the req.host to determine where the request is coming from, if it's from the admin panel then allow super admins to view all. If its from another domain, apply only the user logic?
ngurajeka
4 months ago
Hi @jarrod69420 thank you for the reply. Didn't think of it before, i'll try to implement this.

But also it would be nice if there's some hooks or middleware that built-in in payload.
jarrod69420
4 months ago
I think that’s the good thing about payload, it’s not filled with features that most users don’t need. Instead it exposes things that allow you to do what
you
need
ngurajeka
4 months ago
Btw, i took your advice and its working. But i'm using the referer header not the hostname.

Open the post

Continue the discussion in Discord

Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.