Limit the REST api to certain authed collections
Hi!
I have two collections that have auth activated:
- staff (admin user)
- users
The staff can log into the admin interface, users can only login to the app.
Since my app is SSR, I am using the local API for the app, and the REST Api is only used by staff users (through the admin interface).
I was wondering if there is a way on how I could deactivate the REST api for my
usercollection. This would greatly streamline access control for me.
Hmm not aware of anything specific for global control, does an express app-level middleware function work?
https://expressjs.com/en/guide/using-middleware.html
https://payloadcms.com/docs/authentication/using-middlewareI havent tried this
I don't think this part of the config is exposed to us yet
https://payloadcms.com/docs/access-control/overview#default-settingsThe middleware could do the trick - thank you!
Continue the discussion in Discord
Star
Discord
online
Get help straight from the Payload team with an Enterprise License.