Read access on post doesn't give read access to attached media
Is there a way to restrict direct access to medias & make public a post with the attached media?
Right now, only the media ID shows up, unless the read access is set on the entire media collection.
Just checking: You want your posts to have media attached to them for public users, but public users should not be able to directly access the media collection?
You can achieve this by setting the
mediaaccess control to only block public REST and graphql queries while allowing local payload access.
req.payloadApiis either
REST,
GraphQlor
local, you could just add
if (req.payloadApi === 'local') return trueon top of your access rules, and then query your posts with depth >= 1 and it should work
access: { read: ({ req }) => { if (req.payloadAPI === 'local') return true; return false; }, },awesome that worked! thanks @Exo
great! Have fun 🙂
Waoh this is genius for related/nested documents!
The payload devs thought about it all haha!
yeah that's pretty cool to have the internal queries go thru the same logic
I guess the performance takes a big hit, but this is for backend calls I'll be caching
req.collection.Model.modelNamewow I can even make sure the collection calling it matches!
when calling the media directly, the collection is 'media'
pretty cool
Star
Discord
online
Get help straight from the Payload team with an Enterprise License.