KeystoneJS 6 Hide and Restrict field in schema
I have a data schema named Booking in my KeystoneJS app. The Docsexplain in a broad term, but examples for an individual field access is still confusing. Here is my example with permissions, access, etc.
Access
- Customer: Can only view their certain booking
canViewBookings. - Employees Can update booking assigned to them.
How I set the access for the whole Booking schema
access: {
filter: {
query: rules.canViewBookings,
update: rules.canManageBookings,
delete: () => false,
},
operation: {
create: permissions.canManageBookings,
query: permissions.isLoggedIn,
update: permissions.isLoggedIn,
delete: () => false,
}
},
No Permissions Set
Currently both Customer and Employee can view all fields on the Booking schema.
Secret Notes Field
I created a secretNotes field for recording booking/client specific notes that we don't want the Customer to see. Here we use
access: { read: ...: to not allow the data to be queriedfieldMode: to hide the field in the KeystoneJS UI
secretNotes: text({
ui: {
description: 'notes only visible between management and employees. NOT the customer',
displayMode: 'textarea',
itemView: {
fieldMode: ({ session, context, item }) => permissions.canManageBookings({session}) ? 'edit': 'hidden',
},
},
access: {
read: ({ session, context, listKey, fieldKey, operation, item }) => permissions.canManageBookings({session})
}
}),
Almost but not quite
Just having the access: { read: ... hides the data inside the secreNotes field (and prevents frontend from accidental query) but still leaves the label to that input letting the Customer know that we keep secrets 🤫
Completely Hidden
Adding fieldMode: ({ session, context, item }) => permissions.canManageBookings({session}) ? 'edit': 'hidden', dynamically tells the Keystone UI to either show or hide the entire field depend on permissions
