I created an activity log by creating a new content-type and then inserting a row when users CRUD on other contents (via lifecycle hooks).
I want to make that the Log content is read only to protect the data. Is there a configuration trick I could use?
1 Like
You can set the User Permissions to only read that content type. Go to Roles & Permissions, click on the “Public” role, and for your specific content type check off all of the checkboxes except the find and/or findOne. You can also check the count if you use it in your implementation.
1 Like
I was referring to make them read-only no all non super admin users. That way editors and authors wouldn’t be able to change the log.
Hey @fabimc,
This is not possible in CE (assuming you are using). Check out this discussion thread and also the linked github Issue.
So upgrading to EE will allow you to do this in the Admin panel.
But maybe you could disable it (with a workaround) in the beforeUpdate lifecycle hook.
You could throw an error which should disable you from updating entries from either Admin panel or endpoints.
Thanks @MattieBelt, I could use a hint on how to prevent a delete or update in a lifecycle hook. Until now, I only use those hooks for extra logging, but not to mess the the actual action. Any pointers?
async beforeUpdate(data, model) {
try {
if (model.updated_by != 1) {
throw('You dont have access to update')
}
} catch (error) {
throw error;
}
},
Where model.updated_by contains the user id. So only my id is accepted, id 1.
2 Likes
So in general, throwing errors in “before” lifecycles should stop the transaction.
Yes, transaction is stoped if you throw an error.
Note: updated_by is not available in delete lifecycles, so you can apply that logic only for updates.