Is there a way to hide a particular collection from admin sidebar for certain users?
you can do it changing the access to the collection and limit the read function to certain users roles:
Docs:
https://payloadcms.com/docs/access-control/collectionsHere the example:
If a user doesn't have the right access, payload doesn't show the collection
I just wanted to hide the collection from the admin, not restrict access. Didn't express myself correctly.
Just found the solution on another post. Just add css to hide that element, for example, here I'm hiding users collection:
.dashboard__card-list li:has(#card-users), #nav-users { display: none; }
Is there a way to achieve this dynamically, depending on the users role? I'd like specific collections to be only visible for admins
I think this is what you are looking for.
https://www.youtube.com/watch?v=DoPLyXG26Dg&t=483sUnfortunately not, I don't want to restrict access, just hide the collection from the dashboard and sidebar
I see 🤔
It would be cool to see visibility controls on the admin config for a global/collection that would handle this by role
admin: {
group: "Pages",
visibility: [Users] // or role property on a user collection?
},
Yes 100%, I’d love to see a similar pattern as with access control, it’s super dope!
You can dynamically hide collections and globals from the admin outside of access control also using
admin.hidden
as a function.
admin: {
hidden: ({ user }) => user.role !== 'admin',
},
Something like that will work, assuming you have a
role
property on your users.
@1049775120559898725
@962537363983196240
@494333401264947218
@706208036439588934
I'm tagging you because I am sad nobody knew this.
Yoooo
@969226489549713438the man saving the day
Haha maybe that’s the only disadvantage of a great community, you’re always tempted to just post a question in the forum instead of really getting your hands dirty first
Even easier: in the CollectionConfig, just add
admin: { hidden: true }
Quick question regarding this. Contrary to access control, the user object only contains info that is stored in JWT, not the full user data. On purpose?
I do think the user should be the full user object. It's been this way for a long time, but it does seem like a bug.
would it be also possible to get the collection config within those function (access function and admin -> hidden) when loading a list?
The collections config is only available if I start editing an entry.
But I need it before to check if my user is allowed to access this colleciotn
I'm confused what you mean when you say you need to check if the user is allowed to access the collection. That'd be up to your access functions which the admin UI already removes automatically. This hidden property is only meant to be used when access control is permitted on API calls, but isn't meant to be used in the admin interface
Also I didn't add the config because it's self referencing from the place in your code that it is defined anyways. It didn't seem likely to be useful. Maybe I'm not thinking of this in the right way. I'm not opposed to adding it off there something I am missing, of course.
Sharing the docs link for people to reference:
https://payloadcms.com/docs/configuration/collections#admin-optionsgood morning ☀️
I‘m understanding your points.
I‘ll add an example later on, so you’ll maybe understand my question🤝
I'll try to explain:
I have a muli-site admin.
My user can have different roles for the sites (e. g. admin for site1 and editor for site2). But I need different post-collection for my sites. So maybe user1 should be able to access posts for site1 but not posts for site2. And so he should not be able to see collection for page2.
Within my collection I got a field called "site" where the id of the used site will be stored (otherwise I'd add a custom property within the collections config to check this)
So I'd like to set hidden and my access properties to false by checking the user and the collections properties.
Is this more clear for you?
Otherwise I can also add my complete collection config 😄
I'm still not following. You're saying your users have roles to sites and that the collection has a relationship to the site. These are both data driven values, not hard-coded in your collection config. The collection config itself isn't determining if it belongs to site1 or site2. That all tells me you need good access control methods on your posts collection.
A user needs to see posts in the admin UI. How is it going to work if
admin.hidden
is
true
? They can't navigate to the collection list at all if that is the case.
Whereas with
access
, you can return a query where posts are in the sites that the user has enabled roles.
okay 🙈
It seems that I'll have to investigate and test my request a bite more before answering you. I'll take a look and come back to you later on
Beautiful! I can't seem to get this to work on a user.roles array, though. I thought to try something like:
hidden: ({ user }) => user.roles.includes() !== 'admin',
But I ended up down a rabbit hole of typescript errors. Which I'm just not skilled enough to understand.
Do you have a suggestion or two on how I might go about this?
I'll see if we can improve the type for user from Payload. In the meantime you can do if ore the ts error or use
(user as any).roles
the includes function takes a value, so you would want to do
!user.roles.includes('admin')
ah yes of course, that's what I meant! covid brain strikes again. The type errors still catch me out, but
@969226489549713438s solution does the trick.
Star
Discord
online
Get dedicated engineering support directly from the Payload team.