Field Access Control is specified with functions inside a field's config. All field-level Controls return a boolean value to allow or deny access for the specified operation. No field-level Access Controls support returning query constraints. All Access Control functions accept one args argument.
| Function | Purpose |
|---|---|
create | Allows or denies the ability to set a field's value when creating a new document |
read | Allows or denies the ability to read a field's value |
update | Allows or denies the ability to update a field's value |
Example Collection config:
export default {slug: 'posts',fields: [{name: 'title',label: 'Title',type: 'text',access: {create: ({ req: { user } }) => { ... },read: ({ req: { user } }) => { ... },update: ({ req: { user } }) => { ... },},};],}
Returns a boolean which allows or denies the ability to set a field's value when creating a new document. If false is returned, any passed values will be discarded.
Available argument properties:
| Option | Description |
|---|---|
req | The Express request object containing the currently authenticated user |
Returns a boolean which allows or denies the ability to read a field's value. If false, the entire property is omitted from the resulting document.
Available argument properties:
| Option | Description |
|---|---|
req | The Express request object containing the currently authenticated user |
id | id of the document being read |
Returns a boolean which allows or denies the ability to update a field's value. If false is returned, any passed values will be discarded.
Available argument properties:
| Option | Description |
|---|---|
req | The Express request object containing the currently authenticated user |
id | id of the document being updated |