Read access on post doesn't give read access to attached media

TriNutz

last month

10

• 

  Exo

  last month

  Just checking: You want your posts to have media attached to them for public users, but public users should not be able to directly access the media collection?

  
  
  

  You can achieve this by setting the

  media

  access control to only block public REST and graphql queries while allowing local payload access.

  req.payloadApi

  is either

  REST

  ,

  GraphQl

  or

  local

  , you could just add

  if (req.payloadApi === 'local') return true

  on top of your access rules, and then query your posts with depth >= 1 and it should work

• 

  TriNutz

  last month

  access: { read: ({ req }) => { if (req.payloadAPI === 'local') return true; return false; }, },
  

  
  

  awesome that worked! thanks @Exo

• 

  Exo

  last month

  great! Have fun 🙂

• 

  Twoxic

  last month

  Waoh this is genius for related/nested documents!

• 

  Exo

  last month

  The payload devs thought about it all haha!

• 

  TriNutz

  last month

  yeah that's pretty cool to have the internal queries go thru the same logic

  
  

  I guess the performance takes a big hit, but this is for backend calls I'll be caching

  
  

  
  

  req.collection.Model.modelName
  

  wow I can even make sure the collection calling it matches!

  
  

  
  

  when calling the media directly, the collection is 'media'

  
  

  
  

  pretty cool