How to differentiate server requests from frontend requests for Access Control
I tried doing this, but requests from the frontend have the same urls as the ones made directly from the payload dashboard.
I think the APIs share the same REST pattern when making calls, what is the use case for differentiating here?
The client I'm building for doesn't want a user who is not a super admin to be able view some collections on the payload dashboard, it should only be accessible from the custom frontend I'm building.
You can specify what a user can view via admin access control I believe
Let me double check
@haniel.u Collections can take an "admin" object, that has some options, including "hidden"
admin: { useAsTitle: "positionTitle", group: "Careers", hidden: (req) => !isHR(req.user), },I copied that from myh project, but isHR is a function that checks the user role (in my case if they are HR)
But I think that is what you want?
Yes
That's it exactly!!
Let me know if that works for you! Otherwise happy to help troubleshoot
I will, Thank you so much
No problem, good luck!
It's really not working as expected
Am I doing it wrong?
Hmm
It hides it
return !user.roles.includes("super_admin")Is that what youre doing?
yeah
And Feed Posts should be hidden from the sidebar for non admins
?
And It's hides it regardless of if the role is there or not
Yeah
Oh weird
Can you log user.roles
I can't even log user
Undefined?
Nothing happens
yeah I probably
ok one sec
Wait probably?
You're saying you cant even log console.log('test')
yes
and have it show up?
That means the control isn't getting hit hmm
I mean it works if I do this, just that nothing gets logged to the console
You would see the log if that was being parsed
So that's concerning
you're checking your app log right
Not the browser
yeah
can you throw an error out of curiosity
throw new Error('test')
lemme try
ohhh
oh
ohhhh
It's being logged in the browser
Ohhhh
no 'roles' field
why is that?
i jave no idea
Did you configure one on the admin collection?
I configured many others too
It's just the basic one
Can I see the one on the admin collection
I wonder if I have to savetoJwt
i mean, that would expose it, but access should have still picked it up
But this isn't access
I do in my example, here's mine
This is admin
{ name: "role", type: "select", hasMany: true, saveToJWT: true, defaultValue: "none", options: [ { label: "None", value: "none", }, { label: "Super Admin", value: "superAdmin", }, { label: "User Admin", value: "userAdmin", }, { label: "CMS Admin", value: "cmsAdmin", }, ], },yeah
Makes sense
Lets try that
Yup that works
Thank you so much for your help!
WOOT!
Of course, let us know if anything else comes up
Have a good one 😄
You too!
It was the
saveToJWTthat you were missing, just for clarity!
Continue the discussion in Discord
Star
Discord
online
Get help straight from the Payload team with an Enterprise License.