Simplify your stack and build anything. Or everything.
Schedule a Demo
USE CASES
Headless CMSEnterprise App BuilderHeadless E-CommerceDigital Asset Management
FEATURES
Multi-TenancyWhite LabelLocalizationAccess ControlAuth
CASE STUDIES

See what others are building with Payload.

Browse Case Studies
Build tomorrow’s web with a modern solution you truly own.
PAYLOAD IS FOR
DevelopersMarketing teamsEnterprise companiesAgencies & Consultancies
COMPARE PAYLOAD
Payload vs WordPressPayload vs ContentfulPayload vs SanityPayload vs StrapiPayload vs Directus
AGENCY TESTIMONIAL

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Become a PartnerFind a Partner
Code-based nature means you can build on top of it to power anything.
Resources
DocumentationExamplesTemplatesGitHubReleasesBlogGuides & Tutorials
Community
RoadmapDiscordCommunity Help
Payload Cloud

Deploy your entire stack in one place with Payload Cloud.

LoginCloud Pricing
It’s time to take back your content infrastructure.
Schedule a Demo
Enterprise Features
SSOAI Auto-EmbeddingPublishing WorkflowsVisual EditorStatic A/B testingAI features
Customer Stories
MicrosoftASICSBlue OriginHello BelloTekton
Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case studyBrowse all
LoginGet Started
Community Help

Prevent users from accessing admin panel

default discord avatar
mosattler2 years ago
9

How do i define which loged in users can access the admin, and which cannot?



Do I need two seperate user collections (one for admin, one for regular user), or can I add a flag to my user collection for indicating admins?

  • discord user avatar
    jacobsfletch
    2 years ago

    Would

    access.admin

    work for you?

    https://payloadcms.com/docs/access-control/collections
  • default discord avatar
    mosattler2 years ago
    @808734492645785600

    this makes me think that i need two seperate collections for users and for admins, is that correct?



    (as in, i can "assign" one collection to be the admin collection, and I cannot make this assignment on a per-user level)

  • discord user avatar
    jacobsfletch
    2 years ago

    You could still use a single collection and implement role or user-based access control



    You can either assign a roles select field on the user and check that in your access control function, here's example of that

    https://github.com/payloadcms/template-ecommerce/blob/main/src/access/admins.ts

    Or go even simpler and just add a checkbox to the user and check

    that
  • default discord avatar
    mosattler2 years ago
    @808734492645785600

    that is super helpful. thansk a bunch!



    sorry

    @808734492645785600

    - one more question regarding this. How do i limit the access to the admin pabel based on a checkbox like that?



    as in, I dont want normal users being able to login in

    /admin
  • discord user avatar
    jacobsfletch
    2 years ago

    Add a

    canAccessAdmin

    checkbox field to the user collection and then in your

    access.admin

    hook, do something like this:


    export const admins: Access = ({ req: { user } }) => user.canAccessAdmin
  • default discord avatar
    mosattler2 years ago

    makes sense, but what i dont quite understand is where to use the

    const Admins

    of your example after I defined it.

  • discord user avatar
    jacobsfletch
    2 years ago

    On your user collection, like this:



    {
  slug: 'users',
  auth: true,
  access: {
    admin: admins
  }
}
  • default discord avatar
    mosattler2 years ago

    ahhh



    i really missed the obvious here, didnt I



    thank you so much!

  • discord user avatar
    jacobsfletch
    2 years ago

    No prob!

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.