Where can I find the access config for built-in user collection?
Would like to know what is exposed...
#Access Configuration for Built-In User Collection
maiden dewBOT
keen swan
glass mantle
Hey @ivory badge
Walk me through what you want to see here
ivory badge
Hey
glass mantle
How do you mean "What is exposed"?
ivory badge
Was wondering how access for user collection is configured
Is it something like AdminOrSelf?
Or what is default?
glass mantle
I think you mean specifically for the case where the user doesn't describe their own distinct User collection?
ivory badge
I noticed it's different from any other collection
ivory badge
I think you mean specifically for the case where the user doesn't describe their...
Yeah
glass mantle
Okay, one sec, let me find it
ivory badge
As far as I know, collections are accessible (read) by anyone by default
This doesn't seem to apply to user collection
Which makes sense obviously
glass mantle
collections are accessible by anyone by default
So, typically, default access controls on collections/globals are equivalent to(req: { user }) => Boolean(user)
Or in plain English: If you are logged in, you have access
It may be different for User collection though, let me check
ivory badge
Thanks
I am curious what would happen if I add a new field called avatar for example:
{
name: 'avatar',
type: 'upload',
label: 'Avatar',
relationTo: 'userAvatars',
}Access wise
Would this only be accessible by owner and admins or anyone?
That's what I am looking for...
glass mantle
This is the default users collection: https://github.com/payloadcms/payload/blob/main/packages/payload/src/auth/defaultUser.ts
I think just the default access check is applied to it as well
glass mantle
I am curious what would happen if I add a new field called `avatar` for example:...
Is this like in the context of a plugin?
Because it so, you could make it so that the field itself is customizable by letting users define overrides
So they can customize how the access should work