
multi-tenant user

_headless 2 years ago

I am playing around with the multi-tenant example in the repo. I am just logging in with user@abc.com with the password test, and whenever I do it just says the following in the image:



Maybe this is intended?



if so is user just supposed to be for what then?



because it does say that users should be able to read the pages



but I can't even access them lol

  • k4a4s 2 years ago

    The user can’t access the admin panel, right? Try querying the API directly with a token for this user.

  • _headless 2 years ago

    yes the user can't access the panel

    if I do an API page check

    I can access it

  • k4a4s 2 years ago

    That’s intended. See the admin configuration on the users collection

  • adnly 2 years ago

    Hi,

    The user can access the data through an API page check the same way they would through a front-end API call.

    I think that they are here to play with Postman or another API testing application so you can confirm what the final user would get access to after implementing the front end.

  • markatomniux 2 years ago

    The user collection contains an access control field called admin.

    admin dictates the conditions that need to be met for an authenticated user to access the admin panel. isSuperOrTenantAdmin is the code that controls this.



    export const isSuperOrTenantAdmin = async (args: { req: PayloadRequest }): Promise<boolean> => {
      const {
        req,
        req: { user, payload },
      } = args
    
      // always allow super admins through
      if (isSuperAdmin(user)) {
        return true
      }
    
      if (logs) {
        const msg = `Finding tenant with host: '${req.headers.host}'`
        payload.logger.info({ msg })
      }
    
      // read `req.headers.host`, lookup the tenant by `domain` to ensure it exists, and check if the user is an admin of that tenant
      const foundTenants = await payload.find({
        collection: 'tenants',
        where: {
          'domains.domain': {
            in: [req.headers.host],
          },
        },
        depth: 0,
        limit: 1,
      })
    
      // if this tenant does not exist, deny access
      if (foundTenants.totalDocs === 0) {
        if (logs) {
          const msg = `No tenant found for ${req.headers.host}`
          payload.logger.info({ msg })
        }
    
        return false
      }
    
      if (logs) {
        const msg = `Found tenant: '${foundTenants.docs?.[0]?.name}', checking if user is an tenant admin`
        payload.logger.info({ msg })
      }
    
      // finally check if the user is an admin of this tenant
      const tenantWithUser = user?.tenants?.find(
        ({ tenant: userTenant }) => userTenant?.id === foundTenants.docs[0].id,
      )
    
      if (tenantWithUser?.roles?.some(role => role === 'admin')) {
        if (logs) {
          const msg = `User is an admin of ${foundTenants.docs[0].name}, allowing access`
          payload.logger.info({ msg })
        }
    
        return true
      }
    
      if (logs) {
        const msg = `User is not an admin of ${foundTenants.docs[0].name}, denying access`
        payload.logger.info({ msg })
      }
    
      return false
    }


    If your user does not meet any of these conditions, they won't be allowed access to the admin panel.

  • _headless 2 years ago

    Gotcha, I was just confused haha. Thanks then!
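
The admin-panel gate described in the thread, as an added example that is not code from the thread or from the Payload repo: a pure function that mirrors the checks in isSuperOrTenantAdmin and reports why each request is allowed or denied. The tenant ids and domains are constructed, `adminPanelDecision` and `decisionMatrix` are hypothetical names, and representing a super admin as a global `roles` entry of 'super-admin' is an assumption.

```typescript
// Added example (not Payload's code): the admin-panel gate as a pure function
// over constructed data, returning the reason for each decision.
type Tenant = { id: string; name: string; domains: { domain: string }[] }
type User = {
  roles?: string[] // assumption: a global 'super-admin' role marks super admins
  tenants?: { tenant: { id: string }; roles: string[] }[]
}
type Decision = { allow: boolean; reason: string }

// Constructed tenants; ids and domains are placeholders.
const tenants: Tenant[] = [
  { id: 't-abc', name: 'ABC', domains: [{ domain: 'abc.example.test' }] },
  { id: 't-bbc', name: 'BBC', domains: [{ domain: 'bbc.example.test' }] },
]

function adminPanelDecision(user: User | null, host: string | undefined): Decision {
  // Super admins pass before any tenant lookup happens.
  if (user?.roles?.some(r => r === 'super-admin')) return { allow: true, reason: 'super-admin' }
  // Stand-in for the `domains.domain in [host]` query: exact match on the Host value.
  const tenant = tenants.find(t => t.domains.some(d => d.domain === host))
  if (!tenant) return { allow: false, reason: 'no-tenant-for-host' }
  // The user must hold the 'admin' role on this specific tenant.
  const membership = user?.tenants?.find(m => m.tenant.id === tenant.id)
  if (membership?.roles.some(r => r === 'admin')) return { allow: true, reason: 'tenant-admin' }
  return { allow: false, reason: 'not-tenant-admin' }
}

// Constructed users covering the three roles discussed in the thread.
const superAdmin: User = { roles: ['super-admin'] }
const abcAdmin: User = { roles: ['user'], tenants: [{ tenant: { id: 't-abc' }, roles: ['admin'] }] }
const abcUser: User = { roles: ['user'], tenants: [{ tenant: { id: 't-abc' }, roles: ['user'] }] }

function decisionMatrix(): string[] {
  const hosts = ['abc.example.test', 'bbc.example.test', 'unknown.example.test']
  const users: [string, User][] = [['superAdmin', superAdmin], ['abcAdmin', abcAdmin], ['abcUser', abcUser]]
  const rows: string[] = []
  for (const [label, user] of users) {
    for (const host of hosts) {
      const d = adminPanelDecision(user, host)
      rows.push(`${label} @ ${host}: ${d.allow ? 'allow' : 'deny'} (${d.reason})`)
    }
  }
  return rows
}

console.log(decisionMatrix().join('\n'))
```

The matrix makes the tenant boundary visible: a tenant admin is allowed only on a host that maps to their own tenant, and a plain tenant user is denied the panel on every host while API read access is decided separately by the collection's read rules.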
