I have two collections that have auth activated:
- staff (admin user)
The staff can log into the admin interface, users can only login to the app.
Since my app is SSR, I am using the local API for the app, and the REST Api is only used by staff users (through the admin interface).
I was wondering if there is a way on how I could deactivate the REST api for my
collection. This would greatly streamline access control for me.
Hmm not aware of anything specific for global control, does an express app-level middleware function work?
I havent tried this
I don't think this part of the config is exposed to us yethttps://payloadcms.com/docs/access-control/overview#default-settings
The middleware could do the trick - thank you!
Get help straight from the Payload team with an Enterprise License.