#Limit the REST api to certain authed collections

4 messages · Page 1 of 1 (latest)

quartz zephyr Mar 18, 2023, 11:25 AM

Hi!

I have two collections that have auth activated:

staff (admin user)
users

The staff can log into the admin interface, users can only login to the app.

Since my app is SSR, I am using the local API for the app, and the REST Api is only used by staff users (through the admin interface).

I was wondering if there is a way on how I could deactivate the REST api for my user collection. This would greatly streamline access control for me.

lunar pebble Mar 18, 2023, 2:01 PM

Hmm not aware of anything specific for global control, does an express app-level middleware function work?

https://expressjs.com/en/guide/using-middleware.html
https://payloadcms.com/docs/authentication/using-middleware

I havent tried this

I don't think this part of the config is exposed to us yet https://payloadcms.com/docs/access-control/overview#default-settings