[BACKEND] Add role and access control to users collection #8

@aleckshen

Is your feature request related to a problem? Please describe

The Users collection has no way to distinguish between admins and regular users, meaning anyone with an account has the same level of access to data and the admin panel.

Describe the solution you'd like

Add a role field to the Users collection and implement access control across the board.

1. Create src/payload/access/isAdmin.ts — a reusable helper that returns true if the logged-in user has the admin role.

2. Add a role field to src/payload/collections/Users.ts:

| Field | Type | Required | Notes |
| --- | --- | --- | --- |
| role | select | yes | Options: admin / user, defaults to user. Only admins can update this field. |

3. Add collection-level access control to Users:

| Operation | Rule |
| --- | --- |
| create | Anyone (open registration) |
| read | Admins can read all; users can only read their own profile |
| update | Admins can update all; users can only update their own profile |
| delete | Admins only |

4. Lock the admin panel — update the admin config so the panel is hidden from non-admin users.

Describe alternatives you've considered

No alternatives considered — role-based access is a standard requirement for any multi-user system with an admin panel.

Additional context

Ref: https://payloadcms.com/docs/access-control/overview

BEFORE MERGING

  • Code generation run (hint: pnpm typegen)
  • PR Reviewed (For non-trivial changes)
  • All required PR checks passing
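
The four steps in this issue, sketched as an added example (not code from this repository or from Payload). It assumes Payload's access-function shape, where a function receives `req.user` and returns either a boolean or a query constraint. The local types, the `isAdminOrSelf` name and the `roleField` constant are hypothetical, and the field-level `create: isAdmin` rule is an addition beyond the issue's list so that open registration cannot accept a caller-supplied role.

```typescript
// Local stand-ins for Payload's types so this runs without the payload package (assumption).
type User = { id: string; role: 'admin' | 'user' }
type AccessArgs = { req: { user: User | null } }
type AccessResult = boolean | { id: { equals: string } }

// src/payload/access/isAdmin.ts: true only for a logged-in user with the admin role.
const isAdmin = ({ req: { user } }: AccessArgs): boolean => user?.role === 'admin'

// Hypothetical helper: admins match every document, other users only their own,
// anonymous requests nothing. The object form is a query constraint, not a boolean.
const isAdminOrSelf = ({ req: { user } }: AccessArgs): AccessResult => {
  if (!user) return false
  if (user.role === 'admin') return true
  return { id: { equals: user.id } }
}

// Step 2: the role field, with field-level access control.
const roleField = {
  name: 'role',
  type: 'select',
  required: true,
  defaultValue: 'user',
  options: ['admin', 'user'],
  access: {
    create: isAdmin, // added here: registration is open, so role must not be settable on create
    update: isAdmin, // from the issue: only admins can update this field
  },
}

// Steps 3 and 4: shape of src/payload/collections/Users.ts under the issue's rules.
const Users = {
  slug: 'users',
  auth: true,
  access: {
    admin: isAdmin, // step 4: admin panel access for this auth collection
    create: () => true, // open registration
    read: isAdminOrSelf,
    update: isAdminOrSelf,
    delete: isAdmin,
  },
  fields: [roleField],
}
```
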
