Access Control Challenge in the frontend

[matthijs166]

I wanted to share some updates and challenges we've encountered with payload access control and frontend display for our partner pages. Here's a brief overview of the situation:

Partner Pages: Currently, we have a collection of partner pages with public read access. The roles involved are guest, admin, and partner. Partners should have the ability to edit only their respective pages.

Admin Panel Behavior: In the admin panel, partners can see and edit only their own partner page, which is working as expected. The read hook is set to true for partners only when it's their own page, ensuring they can view it and keep the admin interface clean.

Frontend Display Challenge: The challenge arises when partners access the frontend. With this approach, it also hides the partner pages from other partners on the frontend, making it impossible to view each other's pages when the partner is logged in.

We are looking for your insights on how to optimize this scenario. Specifically, we aim to allow partners to see only their own pages in the admin panel while ensuring that in the frontend, logged-in partners can see all partner pages.

Any suggestions, best practices, or guidance on how to solve this the cleanest way possible?

I'm thinking about setting a header in the frond end and adding an extra check in the access control, but I'm not really feeling this approach.

[matthijs166]

This can now be achieved with the baseListFilter prop on the collection config.