Simplify your stack and build anything. Or everything.

Schedule a Demo

USE CASES

Headless CMS Enterprise App Builder Headless E-Commerce Digital Asset Management

FEATURES

Multi-Tenancy White Label Localization Access Control Auth

CASE STUDIES

See what others are building with Payload.

Browse Case Studies

Build tomorrow’s web with a modern solution you truly own.

PAYLOAD IS FOR

Developers Marketing teams Enterprise companies Agencies & Consultancies

COMPARE PAYLOAD

Payload vs WordPress Payload vs Contentful Payload vs Sanity Payload vs Strapi Payload vs Directus

AGENCY TESTIMONIAL

"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."

Become a Partner Find a Partner

Code-based nature means you can build on top of it to power anything.

Resources

Documentation Examples Templates GitHub Releases Blog

Community

Roadmap Discord Community Help

Payload Cloud

Deploy your entire stack in one place with Payload Cloud.

Login Cloud Pricing

It’s time to take back your content infrastructure.

Schedule a Demo

Enterprise Features

SSO AI Auto-Embedding Publishing Workflows Visual Editor Static A/B testing AI features

Customer Stories

Microsoft Blue Origin Hello Bello Mythical Society Tekton

Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case study

Login Get Started

Read access on post doesn't give read access to attached media

TriNutzlast year

10

Is there a way to restrict direct access to medias & make public a post with the attached media?

Right now, only the media ID shows up, unless the read access is set on the entire media collection.

Exolast year
Just checking: You want your posts to have media attached to them for public users, but public users should not be able to directly access the media collection?

You can achieve this by setting the
media
access control to only block public REST and graphql queries while allowing local payload access.
req.payloadApi
is either
REST
,
GraphQl
or
local
, you could just add
if (req.payloadApi === 'local') return true
on top of your access rules, and then query your posts with depth >= 1 and it should work
TriNutzlast year
access: { read: ({ req }) => { if (req.payloadAPI === 'local') return true; return false; }, },

awesome that worked! thanks @Exo
Exolast year
great! Have fun 🙂
Twoxiclast year
Waoh this is genius for related/nested documents!
Exolast year
The payload devs thought about it all haha!
TriNutzlast year
yeah that's pretty cool to have the internal queries go thru the same logic

I guess the performance takes a big hit, but this is for backend calls I'll be caching

req.collection.Model.modelName
wow I can even make sure the collection calling it matches!

when calling the media directly, the collection is 'media'

pretty cool

Continue the discussion in Discord

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.