#Refined access control


amber epoch
#

I am wondering if there is a way that I can refine the access control for a collection depending on whether the request is coming from the admin panel or not. For example, I want to only allow employees to see their own store information in the admin panel, but allow them to see other stores' information if they are using the front end.

scarlet stumpBOT
sterile mirage
#

You could use the req.originalUrl property to get this done (check whether the request comes from the admin panel or from another source).

But I would advise you (for security & code management reasons) to consider separating the admin users from the front-end users. If you did that, you could give your admin users roles, for instance, which would give you control over what they can and cannot do. While it is also possible to do this in your current definition, it will easily become (unnecessarily) complicated when you have too many different responsibilities attached to a single collection.

amber epoch
#

That is my plan for the moment.

lunar ocean
#

Ok, so I've dabbled with this quite extensively, and I've come to the conclusion that it's just not the greatest experience trying to limit access control differently on the admin panel.

#

Because the URL thing doesn't work properly when used as a relation field to another collection and you have to filter instead, which gets even more tedious.

#

What I ended up doing is setting up all access control with the admin panel in mind, and just overriding access with LocalAPI for the front end.

#

(Images needed more work, but I was using Cloudflare R2 with a public URL, and don't need any access control on the front end for them, so it works in my favor as I manipulate the stored URL in images and pull with that instead of the API.)

amber epoch
#

Thank you for the input. Indeed, the problem does not have an easy solution. In my situation, I am creating an e-commerce platform. I want the admin user for a store to only see their own store information in the admin panel. However, when they visit the front end, that limitation should not exist.

lunar ocean
#

Mhm, which is where LocalAPI comes in.

#

It overrides all access control by default.
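The pattern the thread converges on (write the collection's access rules for the admin panel, let the server-side front end read through the Local API with access overridden), as an added example that is not from the thread or from the CMS itself. It assumes a Payload-style `stores` collection where users carry a `roles` array and a `store` relationship; the `applyAccess` helper is a small simulation of how a returned where-constraint narrows a query, not the CMS's own code.

```javascript
// Added example (not from the thread). Assumes a Payload-style setup with a
// `stores` collection; users have `roles` and a `store` relationship. All
// names and sample data are constructed for illustration.

// Access function for the `read` operation on `stores`. Returning `true`
// grants everything, `false` denies everything, and a where-constraint
// object restricts the query, so an employee only sees their own store
// in the admin panel.
function readStores({ req }) {
  const user = req && req.user;
  if (!user) return false;                                 // anonymous: nothing
  if (Array.isArray(user.roles) && user.roles.includes('admin')) return true;
  // Relationship may be populated (object) or just an id string.
  const storeId = user.store && typeof user.store === 'object' ? user.store.id : user.store;
  if (!storeId) return false;                              // no store assigned: deny
  return { id: { equals: storeId } };                      // own store only
}

// Simulation of how the access result narrows a result set. Only `equals`
// on `id` is modelled. `overrideAccess` mirrors the Local API option, which
// defaults to true there and skips the access function entirely.
function applyAccess(docs, access, overrideAccess) {
  if (overrideAccess) return docs;                         // front end via Local API
  if (access === true) return docs;
  if (access === false) return [];
  return docs.filter((d) => d.id === access.id.equals);
}

// Constructed sample data: two stores, one employee tied to store s2, one admin.
const STORES = [{ id: 's1', name: 'North' }, { id: 's2', name: 'South' }];
const employeeReq = { user: { id: 'u1', roles: ['employee'], store: 's2' } };
const adminReq = { user: { id: 'u2', roles: ['admin'] } };

// Admin panel path: access rules enforced (REST/GraphQL behind the UI).
function adminPanelView(req) {
  return applyAccess(STORES, readStores({ req }), false);
}

// Front end path: server-side Local API call with overrideAccess left at its
// default (true), so even a request with no user sees every store.
function frontEndView() {
  return applyAccess(STORES, readStores({ req: {} }), true);
}
```

In the real collection config this is `access: { read: readStores }`, and the front end would call `payload.find({ collection: 'stores' })`; pass `overrideAccess: false` there if a front-end route should respect the rules after all.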