[{"data":1,"prerenderedAt":422},["ShallowReactive",2],{"footer-primary":3,"footer-secondary":93,"footer-description":119,"technically-im-lost-technically-access-control":121,"technically-im-lost-technically-access-control-next":-1,"sales-reps":170},{"items":4},[5,29,49,69],{"id":6,"title":7,"url":8,"page":8,"children":9},"522e608a-77b0-4333-820d-d4f44be2ade1","Solutions",null,[10,15,20,25],{"id":11,"title":12,"url":8,"page":13},"fcafe85a-a798-4710-9e7a-776fe413aae5","Headless CMS",{"permalink":14},"/solutions/headless-cms",{"id":16,"title":17,"url":8,"page":18},"79972923-93cf-4777-9e32-5c9b0315fc10","Backend-as-a-Service",{"permalink":19},"/solutions/backend-as-a-service",{"id":21,"title":22,"url":8,"page":23},"0fa8d0c1-7b64-4f6f-939d-d7fdb99fc407","Product Information",{"permalink":24},"/solutions/product-information-management",{"id":26,"title":27,"url":28,"page":8},"63946d54-6052-4780-8ff4-91f5a9931dcc","100+ Things to Build","https://directus.io/blog/100-tools-apps-and-platforms-you-can-build-with-directus",{"id":30,"title":31,"url":8,"page":8,"children":32},"8ab4f9b1-f3e2-44d6-919b-011d91fe072f","Resources",[33,37,41,45],{"id":34,"title":35,"url":36,"page":8},"f951fb84-8777-4b84-9e91-996fe9d25483","Documentation","https://docs.directus.io",{"id":38,"title":39,"url":40,"page":8},"366febc7-a538-4c08-a326-e6204957f1e3","Guides","https://docs.directus.io/guides/",{"id":42,"title":43,"url":44,"page":8},"aeb9128e-1c5f-417f-863c-2449416433cd","Community","https://directus.chat",{"id":46,"title":47,"url":48,"page":8},"da1c2ed8-0a77-49b0-a903-49c56cb07de5","Release Notes","https://github.com/directus/directus/releases",{"id":50,"title":51,"url":8,"page":8,"children":52},"d61fae8c-7502-494a-822f-19ecff3d0256","Support",[53,57,61,65],{"id":54,"title":55,"url":56,"page":8},"8c43c781-7ebd-475f-a931-747e293c0a88","Issue Tracker","https://github.com/directus/directus/issues",{"id":58,"title":59,"url":60,"page":8},"d77bb78e-cf7b-4e01-932a-514414ba49d3","Feature Requests","https://github.com/directus/directus/discussions?discussions_q=is:open+sort:top",{"id":62,"title":63,"url":64,"page":8},"4346be2b-2c53-476e-b53b-becacec626a6","Community Chat","https://discord.com/channels/725371605378924594/741317677397704757",{"id":66,"title":67,"url":68,"page":8},"26c115d2-49f7-4edc-935e-d37d427fb89d","Cloud Dashboard","https://directus.cloud",{"id":70,"title":71,"url":8,"page":8,"children":72},"49141403-4f20-44ac-8453-25ace1265812","Organization",[73,78,84,88],{"id":74,"title":75,"url":76,"page":77},"1f36ea92-8a5e-47c8-914c-9822a8b9538a","About","/about",{"permalink":76},{"id":79,"title":80,"url":81,"page":82},"b84bf525-5471-4b14-a93c-225f6c386005","Careers","#",{"permalink":83},"/careers",{"id":85,"title":86,"url":87,"page":8},"86aabc3a-433d-434b-9efa-ad1d34be0a34","Brand Assets","https://drive.google.com/drive/folders/1lBOTba4RaA5ikqOn8Ewo4RYzD0XcymG9?usp=sharing",{"id":89,"title":90,"url":8,"page":91},"8d2fa1e3-198e-4405-81e1-2ceb858bc237","Contact",{"permalink":92},"/contact",{"items":94},[95,101,107,113],{"id":96,"title":97,"url":8,"page":98,"children":100},"8a1b7bfa-429d-4ffc-a650-2a5fdcf356da","Cloud Policies",{"permalink":99},"/cloud-policies",[],{"id":102,"title":103,"url":81,"page":104,"children":106},"bea848ef-828f-4306-8017-6b00ec5d4a0c","License",{"permalink":105},"/bsl",[],{"id":108,"title":109,"url":81,"page":110,"children":112},"4e914f47-4bee-42b7-b445-3119ee4196ef","Terms",{"permalink":111},"/terms",[],{"id":114,"title":115,"url":81,"page":116,"children":118},"ea69eda6-d317-4981-8421-fcabb1826bfd","Privacy",{"permalink":117},"/privacy",[],{"description":120},"\u003Cp>A composable backend to build your Headless CMS, BaaS, and more. \u003C/p>",{"id":122,"slug":123,"vimeo_id":124,"description":125,"tile":126,"length":127,"resources":8,"people":8,"episode_number":128,"published":129,"title":130,"video_transcript_html":131,"video_transcript_text":132,"content":8,"status":133,"episode_people":134,"recommendations":159,"season":160,"seo":169},"b696b1c5-75ae-430f-9c5d-a00deaf8defb","technically-access-control","962588514","What happens when a non-technical person attempts to get technical? In episode 2 of Technically I'm Lost (TIL), non-technical marketer Matt attempts to set-up roles and permissions for a partner directory from scratch, with help from resident Directus expert Bryant. ","76d08d20-6c8c-427e-839f-9d912b1c62b3",62,2,"2024-07-24","Access Control","\u003Cp>Speaker 0: Everybody, welcome back to the part 2 of Technically, I'm Lost, t I l. As, again, you're probably joining us from the last episode. I'm Matt, and this is Bryant. Put a little French spin on it today. If you've watched part 1, if are we gonna did I just cut you off?\u003C/p>\u003Cp>Speaker 1: I no. No. It's okay. I was gonna say do I look French to you? But\u003C/p>\u003Cp>Speaker 0: We'll have to ask, Alex Chopin, our director of engineering from France. I digress. But yeah. So if you watched part 1, if you haven't, you're probably confused. We suggest you go watch part 1, because this is part 2 of part 1.\u003C/p>\u003Cp>But, part 1, we are building a partner directory for us to use with our current partners. In that first episode, we planned out, how it was all gonna look, and we built out the form, which I can actually pull up my screen here and show you kind of how far we've gotten along. So, we I will say I, with the help of Bryant, me being a nontechnical person, learning directors for the first time, set up, this initial form in here. So we were able to set up, you know, point of contact, some information about the actual agency themselves, what they specialize in, with the drop down, partner logos, and we had, these projects, here as well as as this. So the general idea just to catch you up, is we wanna create a partner directory on the director's website for our partners, and this is the back end to get that whole thing running.\u003C/p>\u003Cp>So where we left off last time, Brian, do you remember?\u003C/p>\u003Cp>Speaker 1: Yeah. Yeah. Kind of. No. I I think what we need to do now, Daniel, like, we've got our agency partner collection configured.\u003C/p>\u003Cp>That's looking nice. We need to go through and create the actual projects that we want them to add. So what's a data model look like for that? And then we need to scope a role for our partners. So, they can only edit their content and only, like, the agency partners and the project's collections.\u003C/p>\u003Cp>Speaker 0: Great. Okay. So let's start with that part 1. So the projects, to give you a little background on how we're thinking about this. So when somebody comes to, you know, direct style slash partners, they'll filter down on country and specialization.\u003C/p>\u003Cp>By then, they'll find an agency they like. They click on them, and then that page will have a showcase of the projects that that agency has done with Directus. So we'll need to create that collection, as you mentioned. What's a good starting point for this? Is it just diving in?\u003C/p>\u003Cp>Is it a little bit of planning your strategic approach to this? Or what do you think?\u003C/p>\u003Cp>Speaker 1: I I mean, I I think at a high level, you wanna know what what goes on a project or or, like, what form feels, like, what are we gonna display when you click into a project. Mhmm. You know, if I'm imagining it, like, you've got an agency page where you're you're surfacing all these projects, maybe, like do we have an extra page for each project as well? So I can I'm on the agency page. I see a list of their recent projects.\u003C/p>\u003Cp>I click in the project, and I get, like, a a mini case study type of thing, or we're gonna show those in a model, like, a pop up window. How what do we we wanna do there?\u003C/p>\u003Cp>Speaker 0: I think it would be good to have a page. I like what you said about, like, a mini case study page. So maybe we'll have, like, the a scroller here of, like, they can go back and forth for, like, images of the actual website. And then\u003C/p>\u003Cp>Speaker 1: I don't like it.\u003C/p>\u003Cp>Speaker 0: You don't like it?\u003C/p>\u003Cp>Speaker 1: I I want a grid. I don't like it. Give me a grid of projects.\u003C/p>\u003Cp>Speaker 0: A grid. Wait for the individual project.\u003C/p>\u003Cp>Speaker 1: Oh, no. No. No. For the individual projects, I I'm thinking well, you got, like, an image gallery. I I'm thinking like a grid still.\u003C/p>\u003Cp>Speaker 0: Big grid guy.\u003C/p>\u003Cp>Speaker 1: Yeah. Let me I'm gonna share. I'm gonna share a link.\u003C/p>\u003Cp>Speaker 0: Let me share.\u003C/p>\u003Cp>Speaker 1: This is, again, this is the agent c OS link. So this is a sample starter kit project that that I put together, to showcase what you could do with Directus. Let me I guess I could put it in the chat here instead of our team comps.\u003C/p>\u003Cp>Speaker 0: Alright. Let me pull this up over here.\u003C/p>\u003Cp>Speaker 1: This is not a a like, the text doesn't really jive here, but, you know, you've got, like, a a title for the project. You got, like, a summary, then you have some content, and then you have an image gallery that, you know, if you click on one of those images, then you could cycle through.\u003C/p>\u003Cp>Speaker 0: Wow.\u003C/p>\u003Cp>Speaker 1: Instead of, like, a instead of a carousel on the actual page, show a grid. And then you have some metadata, like, hey. What's the client? What's it built with? What's the cost?\u003C/p>\u003Cp>I I don't know if we wanna probably omit that for this. You know? Would be nice to show, like, what it was built with. Those could just be, like, tags. So this is kinda what I'm envisioning.\u003C/p>\u003Cp>You know, the the header there is probably not it doesn't really jive with, like, the direct as brand guidelines. So we'd probably do something different. But, you know, I I think at a high level, you got a title, a short summary of the project. You've got a featured image for the project. You have some content, in case they wanna expand or go into as much detail as they want to.\u003C/p>\u003Cp>And then there's probably, like, the the content would probably be, like, text. Right? Mhmm. And then the yeah. And then you could have, like, a separate gallery if you wanted to.\u003C/p>\u003Cp>Speaker 0: Separate gallery.\u003C/p>\u003Cp>Speaker 1: And then, you know, like, some tags for what it was built with, like front end type of stuff, I guess. Like, hey. Is it built with Next? Is it built with Next? I I don't know.\u003C/p>\u003Cp>I don't know if that's necessary either.\u003C/p>\u003Cp>Speaker 0: Okay. I like this. So, yeah, so we would create a collection with these different items inside of Directus. Last time, if you can refresh my memory, when we created the projects here, this was a one to mini or a mini to 1?\u003C/p>\u003Cp>Speaker 1: So it depends on where you're at. Right? Those are 2 inverse relationships. If you are a for this example, if we're on the agency partner, projects would be a one to many relationship because I've got one agency, many projects. But if I'm inside projects, it's the reverse.\u003C/p>\u003Cp>Right? I've got, one project or, actually, I'm sorry. Is it many projects to one agency, basically.\u003C/p>\u003Cp>Speaker 0: Yeah. That makes sense.\u003C/p>\u003Cp>Speaker 1: Like a project can only have belong to a single agency is what I'm trying to say.\u003C/p>\u003Cp>Speaker 0: That makes sense. So we'd have this is the one to many from the agency side. So if we go here, this would be the many to 1.\u003C/p>\u003Cp>Speaker 1: Yep. So what you're gonna have to do here is go into our data model for projects because we we didn't add any fields for that.\u003C/p>\u003Cp>Speaker 0: Mhmm. Where is our here. So from the agency side, if if I click here, this will take me\u003C/p>\u003Cp>Speaker 1: automatically there.\u003C/p>\u003Cp>Speaker 0: It's over here. Great. So just like we did last time, you know, obviously, going through, filling out these fields. Title, I assume, would be just a standard input field. Title, String.\u003C/p>\u003Cp>Speaker 1: There you go.\u003C/p>\u003Cp>Speaker 0: I mean, required, obviously. Project title, let's see. The name of the client, input project client. And,\u003C/p>\u003Cp>Speaker 1: again, I would probably just do, like, client name. Right? Because there's, like, where else are you using client name? You're not.\u003C/p>\u003Cp>Speaker 0: Naming conventions. I'm about to get open that can of worms. So short summary. Would you use an input field, or would you use a text area field? Or\u003C/p>\u003Cp>Speaker 1: Text area for sure. No wysiwyg. I don't wanna deal with rendering HTML or, stripping out HTML. I I just want, like, a short description to display on a card or in a heading.\u003C/p>\u003Cp>Speaker 0: And if I'm gonna add a placeholder here, I will do it in the placeholder field.\u003C/p>\u003Cp>Speaker 1: Yeah. You've also got the help field or the the note field, I think, is is what it is as well. Like, the placeholder is gonna be it's gonna disappear as soon as they start typing. Right? The if you go to the field tab when you create 1, you got some helper text that you can add.\u003C/p>\u003Cp>Okay.\u003C/p>\u003Cp>Speaker 0: Okay. So here, we are creating the main image versus the gallery of images that they could just, like, see. So\u003C/p>\u003Cp>Speaker 1: Yeah. There there's 2 ways you could you could do that. Right? You could just have an image gallery and use the first item in the gallery as, like, the featured image. It's kinda a matter of personal preference.\u003C/p>\u003Cp>Usually, I like to be more explicit. And because of the way that Directus, like, queries the data and, like, if I'm showing a list of projects, I I can create it or treat it my gosh. I came to talk today. You could treat it like GraphQL, and I could tell it specifically the fields that I want. So, you know, on the index page where we're showing a list of projects, I can just grab the featured image and not worry about the image gallery.\u003C/p>\u003Cp>So that's that's probably why I would do 2 separate fields for those. So you might have, like, a, like, a featured image field and then, like, an image gallery or gallery, whatever you wanna call it. This is just a single image that you're gonna use across the site.\u003C/p>\u003Cp>Speaker 0: Featured No.\u003C/p>\u003Cp>Speaker 1: No. No. No. What did you do?\u003C/p>\u003Cp>Speaker 0: I created a featured\u003C/p>\u003Cp>Speaker 1: It's not just messing with you. No. You don't need your Oh,\u003C/p>\u003Cp>Speaker 0: Don't be doing that today. Oh, man. Got my heart rate up. So next part, if we're doing a showcase or gallery, I assume files based on the image here.\u003C/p>\u003Cp>Speaker 1: Yep. Definitely.\u003C/p>\u003Cp>Speaker 0: And then showcase.\u003C/p>\u003Cp>Speaker 1: Bro, call it image gallery or a gallery.\u003C/p>\u003Cp>Speaker 0: I was gonna call it a project showcase.\u003C/p>\u003Cp>Speaker 1: I feel like we're going to The Price is Right if we're, like, doing showcase.\u003C/p>\u003Cp>Speaker 0: Okay. So I don't know if we want this required because as long as they have the the Yeah.\u003C/p>\u003Cp>Speaker 1: You don't necessarily have to add an image gallery. Cool.\u003C/p>\u003Cp>Speaker 0: So what else what else here?\u003C/p>\u003Cp>Speaker 1: That's it.\u003C/p>\u003Cp>Speaker 0: Really? Alright.\u003C/p>\u003Cp>Speaker 1: Now you're also gonna want what else do we have? We had the we had, like, the built with tags. That's gonna be yeah. You can use the tag interface for that. It'd be fine.\u003C/p>\u003Cp>Speaker 0: Built with JSON.\u003C/p>\u003Cp>Speaker 1: There you go. And in this case, you're gonna, like, do allow other values. You could also add some presets to this if you wanted\u003C/p>\u003Cp>Speaker 0: to. I'll add a few\u003C/p>\u003Cp>Speaker 1: where people can just choose those. There you go.\u003C/p>\u003Cp>Speaker 0: There you go. Allow other values. So when they type in, it'll add it. So that'll be a continually growing list. Big fan.\u003C/p>\u003Cp>Speaker 1: So for. You could force alphabetical order if you wanted to. Way to standardize. If not, you could have, you know, potentially, like, next being shown in a separate place. Mhmm.\u003C/p>\u003Cp>Also, just to clarify, that's not my stomach growling. That is this squirrel that I have on my lap.\u003C/p>\u003Cp>Speaker 0: Dog is protecting the house. Love it.\u003C/p>\u003Cp>Speaker 1: Oh, it's not protecting the house. It's it's being a pain in the butt. Tiny dogs, what do you do?\u003C/p>\u003Cp>Speaker 0: Would you force, like, capitalization and and white space and all that sort of stuff? It doesn't matter.\u003C/p>\u003Cp>Speaker 1: I don't know that I would just because, like, some of these well, I'm trying to think of a a good example of, like, a framework that prefers lowercase. I can't really think of any. Like, the white space, you might you know, like, white space, I would definitely, like, trim the white space, like, the the beginning and end, just so you remove white space. There you go. That way, there's, like, no extra, like, the space that's that's big, like breaking formatting or anything like that.\u003C/p>\u003Cp>Speaker 0: Cool. Alright. Awesome. Anything else I should consider here, in advanced field creation mode? Or Nah.\u003C/p>\u003Cp>Speaker 1: I wouldn't worry about it.\u003C/p>\u003Cp>Speaker 0: Great. So I feel like we're good there. I\u003C/p>\u003Cp>Speaker 1: think the next thing\u003C/p>\u003Cp>Speaker 0: we were looking for. Oh, the main content, which would be text area again.\u003C/p>\u003Cp>Speaker 1: Yeah. No. WYSIWYG. This, we're gonna give them formatting options. Why is it why is it main content?\u003C/p>\u003Cp>Not just content.\u003C/p>\u003Cp>Speaker 0: Because it's different from the short summary. Long\u003C/p>\u003Cp>Speaker 1: But that's already it's already a different field, my man.\u003C/p>\u003Cp>Speaker 0: Alright. Content it is.\u003C/p>\u003Cp>Speaker 1: Good here? I'm good. I'm good. My dog is not good. This This data model is good, though.\u003C/p>\u003Cp>Speaker 0: Alright. Feels good. I might actually go and make this content required. At least I have to share something about it. Great.\u003C/p>\u003Cp>So our mini to 1 is now done. Yeah. I guess we could go here. Let's say we're going to start a new project. Everything looks good.\u003C/p>\u003Cp>Yeah. Yeah. Amazing. Alright. So we have our partners.\u003C/p>\u003Cp>We have our one to many connection to the projects, then we've got the many to one back to the partners. So feel good about these 2 collections. Now it's about actioning the actual, role based permission control. So when somebody signs up on the agency side, they're gonna have to go in and be able to add these projects. Maybe invite somebody to add these projects, invite members of the other team if they have to update, agency information.\u003C/p>\u003Cp>Let's dive into role based access control. RBAC, direct us off. This is my first time ever using this, so it should be interesting. Oh,\u003C/p>\u003Cp>Speaker 1: okay. Alright. So what do you think you know?\u003C/p>\u003Cp>Speaker 0: What do I think I know? I see this big plus, and then that's what I think I know is I click this to create something.\u003C/p>\u003Cp>Speaker 1: Yeah. That would be a a user. But as far as, like, what we're trying to achieve, like, what's it what what is your current plan of attack in your mind? And then we'll, like, course correct.\u003C/p>\u003Cp>Speaker 0: Alright. Current plane of attack is and I will visualize this. So we're gonna get a partner in, and that's this little circle. This is a partner that fills out our partner request form. They go through the process.\u003C/p>\u003Cp>Once they have become a partner, via our partner manager, then that is when\u003C/p>\u003Cp>Speaker 1: Are are you supposed to be showing something on the screen? All I see is the user directory.\u003C/p>\u003Cp>Speaker 0: Yes. Yes. I am. Here we go.\u003C/p>\u003Cp>Speaker 1: Okay. Alright. Yeah. Now, we're seeing the circles. Okay.\u003C/p>\u003Cp>Speaker 0: Yeah. Yeah. You missed my circles. Alright. But these these are the phases.\u003C/p>\u003Cp>Right? So, actually, this is going to be, there's no preset yellow, of course. So I'll use orange. Initial come in, person fills out the form. They are vetted, become a partner, and then at this point is when we would send the send invite to partner directory.\u003C/p>\u003Cp>Send them here, and then once they fill that out, then they'd be officially a partner as part of that ecosystem.\u003C/p>\u003Cp>Speaker 1: Okay.\u003C/p>\u003Cp>Speaker 0: These circles are super misshapen. So at that point\u003C/p>\u003Cp>Speaker 1: I think that's an oval.\u003C/p>\u003Cp>Speaker 0: Yeah. It's definitely an oval. This is gonna be main oh my gosh. This is crazy. Main agency contact.\u003C/p>\u003Cp>They would fill fill out that part that we built. And then at this point, they can invite their own team. And I think that's it. So we'd have to figure out a role for this person? Because they're coming in cold, so they have to be able to log in.\u003C/p>\u003Cp>I think we'll provide them a username and a password they can change.\u003C/p>\u003Cp>Speaker 1: Yep.\u003C/p>\u003Cp>Speaker 0: And then we'll have to figure out a role for this person who doesn't necessarily have the ability to change the point of contact information, but just has access to a few fields in that collection, to update the agency information if they need to.\u003C/p>\u003Cp>Speaker 1: Okay. So we've got a admin at the agency, and then we have, like, a a team member at the agency\u003C/p>\u003Cp>Speaker 0: Yep.\u003C/p>\u003Cp>Speaker 1: Kind of set up.\u003C/p>\u003Cp>Speaker 0: Exactly. So 2 two roles, I think.\u003C/p>\u003Cp>Speaker 1: Okay. Now can a person be a part of multiple agencies?\u003C/p>\u003Cp>Speaker 0: I don't think so. I think that's too too much.\u003C/p>\u003Cp>Speaker 1: Too much. Too much.\u003C/p>\u003Cp>Speaker 0: I'm trying to think of any scenario. It seems like a very rare edge case that would be the case and would have to probably be treated on a one to one basis.\u003C/p>\u003Cp>Speaker 1: You could still accommodate that from, like, a using a separate email, basically, I guess. Separate login Maybe. Kind of scenario.\u003C/p>\u003Cp>Speaker 0: This is also the v two of this partner directory, I'd love to build in a thing where, like, an agency partner can go in and request a license or something for, like, a new project that they're building. I'm trying to think that would that would be either the admin or the team member can make that request, but it would be logged to that specific agency. So Yeah.\u003C/p>\u003Cp>Speaker 1: I I think this is good.\u003C/p>\u003Cp>Speaker 0: Good start.\u003C/p>\u003Cp>Speaker 1: Yeah. We'll just scope it down to, like, hey. You can only be a part of 1 agency at a time, which makes sense to me.\u003C/p>\u003Cp>Speaker 0: Okay. Cool. I like it.\u003C/p>\u003Cp>Speaker 1: Alright. So what are you what are you gonna do, man? What are you gonna do?\u003C/p>\u003Cp>Speaker 0: I'm gonna come to access control. I'm gonna click this big purple create role button. The role I create, the naming convention here is gonna be well, you know what? Why don't you tell me? Because I know whatever I put in this little purple Okay.\u003C/p>\u003Cp>Speaker 1: Thank you. So you give me The no. I I would just say, like, agency partner admin or something.\u003C/p>\u003Cp>Speaker 0: Agency partner admin. Not giving them admin access because that would\u003C/p>\u003Cp>Speaker 1: be No. No. No. No. That's just, like, a different thing.\u003C/p>\u003Cp>Yeah.\u003C/p>\u003Cp>Speaker 0: So app access only.\u003C/p>\u003Cp>Speaker 1: App access only.\u003C/p>\u003Cp>Speaker 0: As a small pardon me.\u003C/p>\u003Cp>Speaker 1: Yep.\u003C/p>\u003Cp>Speaker 0: Alright. So now, this is where things get interesting, because we have our website powered through this, which we've got, like, the blocks. So there's going to be a ton of these in here. And it's we're gonna have to provide the right access\u003C/p>\u003Cp>Speaker 1: to these. Correct.\u003C/p>\u003Cp>Speaker 0: All we need to really give them access to is the agency specific things.\u003C/p>\u003Cp>Speaker 1: Right? Correct. You got it, boss man. Which So yeah. Command f comes in handy here, for sure.\u003C/p>\u003Cp>We don't have a search in here yet, but I think it's on the docket.\u003C/p>\u003Cp>Speaker 0: You know, feature request would be great if we had the you know, it actually is frozen up here. That's very nice. I was gonna say, wait. If we could freeze that top column.\u003C/p>\u003Cp>Speaker 1: Alright. So what are you gonna do? Like, how do you wanna play this? You you want me to tell you you wanna step through this?\u003C/p>\u003Cp>Speaker 0: No. Let's I wanna think through this because I am looking at this. I haven't really messed with roles before, but, obviously, this is CRUD. You know, create, update, re what's the r for CRUD?\u003C/p>\u003Cp>Speaker 1: Update. The r? Oh, read. Read. Read.\u003C/p>\u003Cp>Speaker 0: Update. Delete. Yeah. So for the agents for the admin, we're gonna want them to be able to create.\u003C/p>\u003Cp>Speaker 1: Are you? Are you are you not just gonna, like, create a partner and then add the user as part of that partner? Like, is this is this is kind of a high touch program. Right?\u003C/p>\u003Cp>Speaker 0: Yeah. So we would create the agency partner, get the send them the login information. So it would already be created, so they don't need access to create, plus they might go and create stuff that they shouldn't.\u003C/p>\u003Cp>Speaker 1: Yeah. In this case, like, the only thing that they need to be able to do is read their own edit their own. We're not gonna let them delete. We're going to let them create, edit projects. They should be able\u003C/p>\u003Cp>Speaker 0: to delete projects too. Right?\u003C/p>\u003Cp>Speaker 1: Yeah. I was I would allow them to delete their own projects out of the system, but maybe not if it's published. Right? So as long as it's not published, you could delete it. If it is if it's already been published, like, we gotta go through some kind of flow so you're not breaking website.\u003C/p>\u003Cp>Speaker 0: So this would be custom.\u003C/p>\u003Cp>Speaker 1: Yeah. We don't have a field for we didn't add a field for the status of a project. Hey. Like, is this draft or published or not?\u003C/p>\u003Cp>Speaker 0: Alright. Yeah.\u003C/p>\u003Cp>Speaker 1: Add that to the to do list. Alright. And then project files would be the same where you can add project files as you can. Because this is this is just the image gallery. Right?\u003C/p>\u003Cp>So you need to be able to delete those as well.\u003C/p>\u003Cp>Speaker 0: So question. We have the share functionality, which barely gets used, admittedly, because I think there's a little bit of confusion around, like, what it actually allows for. So in this scenario of sharing a collection, would it be useful for them to share with the non, like, the non admin users That works.\u003C/p>\u003Cp>Speaker 1: So if we're gonna keep everybody contained inside, we probably wouldn't use share. We would just give them access. But but, like, say that somebody did not have user access and you wanted to share something with them, you could do that through the share functionality of, like, hey. I wanna share this one specific piece of content with someone, that's not a part of the Directus application.\u003C/p>\u003Cp>Speaker 0: Okay. So this makes sense. So I think for if they're if they're putting in one of those projects in the showcase and they wanna share it with, like, the client and be like, hey. We wrote this little mini study, like, or case study about the project we did with you. Can you confirm it?\u003C/p>\u003Cp>Would that be a good application for this?\u003C/p>\u003Cp>Speaker 1: Yeah. You could potentially do that. Alright. Like, if you if you wanted to see it before you go live yeah. Hey.\u003C/p>\u003Cp>Hey. Well, the other rub is, like, if you're rendering this on the front end, they're probably gonna wanna see the front end as well. So, you know, that kinda goes into, like, a live preview mode on the front end. But just to see the actual content to get approval, you could certainly add share access for this.\u003C/p>\u003Cp>Speaker 0: And we would do that at the\u003C/p>\u003Cp>Speaker 1: project? Project level. Yeah. Cool.\u003C/p>\u003Cp>Speaker 0: Yeah. This feels good so far.\u003C/p>\u003Cp>Speaker 1: Okay.\u003C/p>\u003Cp>Speaker 0: Saves automatically. So Yeah. Alright. Agency So\u003C/p>\u003Cp>Speaker 1: so what's next?\u003C/p>\u003Cp>Speaker 0: I'm gonna create the other role just so\u003C/p>\u003Cp>Speaker 1: it's Okay. Alright.\u003C/p>\u003Cp>Speaker 0: Agency, partner. Boy. Not the admin. Team role. That's it.\u003C/p>\u003Cp>Speaker 1: Team. Just team. Just team. It's already a role.\u003C/p>\u003Cp>Speaker 0: Oh, man. Cracked me up. Alright. So here, they're not going to have access to ad. They'll have access to c, but we don't want them to have access to edit it because that'll be from the admin.\u003C/p>\u003Cp>No. Actually, we do, because can we use a custom permission here, so where they can't see the proof of the point of contact and, like, edit that?\u003C/p>\u003Cp>Speaker 1: Yeah. You certainly can.\u003C/p>\u003Cp>Speaker 0: So\u003C/p>\u003Cp>Speaker 1: It would be within the field permissions.\u003C/p>\u003Cp>Speaker 0: Field permissions.\u003C/p>\u003Cp>Speaker 1: So here's the here's the fields that they can update. So you're going to hit show more there so you can see the rest of them. Mhmm. Alright.\u003C/p>\u003Cp>Speaker 0: So check everything except for point of contact group because everything that's within that group.\u003C/p>\u003Cp>Speaker 1: That's a great question. Yeah. Let's try it and see.\u003C/p>\u003Cp>Speaker 0: Okay.\u003C/p>\u003Cp>Speaker 1: I I I I think it will just be I I think you'll still have to do contact first name, last name, email. Or well, you don't want them to edit that. I'm sorry. Yeah. Leave that unchecked.\u003C/p>\u003Cp>Speaker 0: Yeah. Printer name. Divider. Country. Partners.\u003C/p>\u003Cp>Work description, specialization, logo, team size, projects. Alright. So now they have, custom access to that, if that makes sense.\u003C/p>\u003Cp>Speaker 1: Yep. They're gonna need access to projects, so they can add projects, update projects.\u003C/p>\u003Cp>Speaker 0: Don't want them to be able to delete. We wanna leave that to the admin. And project files, add, see, and edit. Yeah. I think this makes sense for v one rule.\u003C/p>\u003Cp>And if we need to update it later, we can. It's the beauty of automatically saving. Okay.\u003C/p>\u003Cp>Speaker 1: Cool. Cool.\u003C/p>\u003Cp>Speaker 0: Good with these 2. Now the tricky part is\u003C/p>\u003Cp>Speaker 1: alright. What's what is the what is what's the tricky part?\u003C/p>\u003Cp>Speaker 0: The tricky part is whenever we create, when we manually create an agency partner inside of this, we have to create their contact information for that that point of contact. So, like, user directory, we can see here. We can create a user within here. So we fill out, like, their first name, last name, email, password. Interesting we have company info already baked in here.\u003C/p>\u003Cp>So\u003C/p>\u003Cp>Speaker 1: Yeah. That is, that's interesting. I think that is a factor of the docs.\u003C/p>\u003Cp>Speaker 0: Okay. No. This is good. Okay. So if we were to create a fake person here, fake person, and I'll just add in my email.\u003C/p>\u003Cp>We'll have to blur these so they don't pop up.\u003C/p>\u003Cp>Speaker 1: I'd I'd hopefully will be deleting fake person later. And you're gonna have to change your email address because you're already\u003C/p>\u003Cp>Speaker 0: I'm already a member here.\u003C/p>\u003Cp>Speaker 1: You're already in in the system.\u003C/p>\u003Cp>Speaker 0: Auto pop are you seeing my auto\u003C/p>\u003Cp>Speaker 1: Yeah. It looks like it's, spazzing out a little bit there.\u003C/p>\u003Cp>Speaker 0: Yeah. I don't know if you see, like, the pop up where it's, like, all of the things I've pre filled.\u003C/p>\u003Cp>Speaker 1: No. No. I don't see the pop up. Alright. It has to do with your sharing settings, I'm sure.\u003C/p>\u003Cp>Speaker 0: Gotcha. Well, that's good because there's some private info in here. So I'm gonna use a personal Gmail here. I'm not worried about that. I'm not worried about any of that.\u003C/p>\u003Cp>I just wanted to create the fake person stuff. So\u003C/p>\u003Cp>Speaker 1: Okay. Here.\u003C/p>\u003Cp>Speaker 0: I will save. Save. And then for this, I'll go check my email.\u003C/p>\u003Cp>Speaker 1: Did you did you create a password for them? You can also just open up an incognito window and log in. So, like, if you do the if you invite them versus so there's a there's 2 ways. Right? You can invite a user, or you can create a user.\u003C/p>\u003Cp>So what you did was created a user. They're already in the system. They should already have access. Yes. If you send an invite.\u003C/p>\u003Cp>Speaker 0: Alright. So we're in. As an admin, I have access to, these things. I see you just added a agency I\u003C/p>\u003Cp>Speaker 1: added some agency partners for you.\u003C/p>\u003Cp>Speaker 0: Thank you. So if I were to look at yours, I see your name, your agency, your mug, team size, specializations. Looks good to me. There's my mug.\u003C/p>\u003Cp>Speaker 1: What's the problem here, bro?\u003C/p>\u003Cp>Speaker 0: Problem is you have access to all of our files and our user directory of other team members. And we want to scope that down. Additionally, you have access to our insights, which shouldn't have access to that. So we have to limit access to parts of the app from the admin.\u003C/p>\u003Cp>Speaker 1: And what else?\u003C/p>\u003Cp>Speaker 0: And\u003C/p>\u003Cp>Speaker 1: And then, and then, alright. Can you edit my agency?\u003C/p>\u003Cp>Speaker 0: I can edit your agency. That's right. That is right.\u003C/p>\u003Cp>Speaker 1: I'm I'm not saying, like, that would be in a potential issue. Like, we've got a a great list of community members, but\u003C/p>\u003Cp>Speaker 0: Oh, man.\u003C/p>\u003Cp>Speaker 1: Probably not good if you can update somebody else's agency information.\u003C/p>\u003Cp>Speaker 0: If I had other agencies in the US that were in my territory, I'd be editing, like, this agency sucks.\u003C/p>\u003Cp>Speaker 1: Alright. So how do we fix it?\u003C/p>\u003Cp>Speaker 0: So we're gonna go back, step 1, to our normal back enroll right here. I think what we do here, access control, printer admin.\u003C/p>\u003Cp>Speaker 1: There's a step that comes before this.\u003C/p>\u003Cp>Speaker 0: I don't know what the step is. That's why I brought you.\u003C/p>\u003Cp>Speaker 1: So you need, if if you're gonna restrict to a certain agency partner. Right? You got a user. You got an agency partner. You need an arrow between the 2.\u003C/p>\u003Cp>If we're looking at, like, a your diagram of your your circles. You gotta have a relationship between the 2 to be able to filter permissions based on it. Right?\u003C/p>\u003Cp>Speaker 0: Right.\u003C/p>\u003Cp>Speaker 1: Alright.\u003C/p>\u003Cp>Speaker 0: Right. I think. It's early. I'm having trouble conceptualizing this. So\u003C/p>\u003Cp>Speaker 1: Okay. So, basically, we have to create a relationship between the user and the agency partner.\u003C/p>\u003Cp>Speaker 0: Who's the user in this scenario?\u003C/p>\u003Cp>Speaker 1: The the person who's logging in to update the actual information.\u003C/p>\u003Cp>Speaker 0: The the team member? Like, the team\u003C/p>\u003Cp>Speaker 1: The team member or the admin role. Right? They're still logging in to direct us.\u003C/p>\u003Cp>Speaker 0: Gotcha. What would be that step?\u003C/p>\u003Cp>Speaker 1: Alright. So you're gonna go to your data model.\u003C/p>\u003Cp>Speaker 0: Going to the data model. Alright. Sorry.\u003C/p>\u003Cp>Speaker 1: That's where we're gonna create the relationship. You're gonna go to your partners collection.\u003C/p>\u003Cp>Speaker 0: Agency partners.\u003C/p>\u003Cp>Speaker 1: Alright. And we're gonna create a relationship here. We're gonna create a relationship here.\u003C/p>\u003Cp>Speaker 0: I don't know.\u003C/p>\u003Cp>Speaker 1: We're gonna create a relationship here.\u003C/p>\u003Cp>Speaker 0: Yeah. Where does, where do you create a relationship at? I have no idea.\u003C/p>\u003Cp>Speaker 1: Right there, man.\u003C/p>\u003Cp>Speaker 0: Where? Here? Create\u003C/p>\u003Cp>Speaker 1: It has a field. Create a field. Yep. Alright. So you tell me what the relationship is gonna be.\u003C/p>\u003Cp>Speaker 0: This is stringing into territory.\u003C/p>\u003Cp>Speaker 1: Get, like, the, like, the jeopardy timer up? Yeah. Like, the final jeopardy question?\u003C/p>\u003Cp>Speaker 0: This is where I'm not sure. Because when I think of a collection, I think of a form, like fields. And the admin here is gonna be creating a mini to 1. Right? Because it'll be multiple team members associated to one agency.\u003C/p>\u003Cp>Speaker 1: Correct. They will create that via a form, or it's not just, like, automatically So we've gotta create the relationship first, and then you can have it automatically populate the information\u003C/p>\u003Cp>Speaker 0: Okay.\u003C/p>\u003Cp>Speaker 1: When users get created.\u003C/p>\u003Cp>Speaker 0: So from the agency partner's perspective, it's gonna be many to 1 because on the other side is the team member that's a one. Now wait.\u003C/p>\u003Cp>Speaker 1: That's it. No. No. No. If you've got if you've got multiple people that are part of the same agency, it is a The agency to many because a user belongs to one agency.\u003C/p>\u003Cp>The agency could have many users.\u003C/p>\u003Cp>Speaker 0: Gotcha. So\u003C/p>\u003Cp>Speaker 1: here, you're gonna pick the one to one to many option.\u003C/p>\u003Cp>Speaker 0: Okay. One to many.\u003C/p>\u003Cp>Speaker 1: There you go. This is gonna be\u003C/p>\u003Cp>Speaker 0: the admin is the one that's filling this out. So they're gonna be building they're gonna invite team members.\u003C/p>\u003Cp>Speaker 1: User. You're gonna call it user. Yeah. Or servers. Users, plural.\u003C/p>\u003Cp>There you go. Users. Alright. The related collection is going to be directus_users. That is a system collection.\u003C/p>\u003Cp>That's why it's prefixed with directus. Yeah. And then for the foreign key, that's gonna be the field that holds the agency partner ID inside the Directus users table or the directus users collection. So that would probably be agency partner or agency partner ID.\u003C/p>\u003Cp>Speaker 0: Is that something that's built already?\u003C/p>\u003Cp>Speaker 1: No. You don't have to build it, though. If you key it in and it doesn't exist, Directus will create it for you.\u003C/p>\u003Cp>Speaker 0: No. Agency partner ID.\u003C/p>\u003Cp>Speaker 1: There you go.\u003C/p>\u003Cp>Speaker 0: Okay.\u003C/p>\u003Cp>Speaker 1: Alright. Doesn't really matter if we show these in a list or a table. Solid. Do we wanna show a link to the user? Probably.\u003C/p>\u003Cp>Yeah. And we're gonna dismiss. Not sure why that error shows up. But now we have created a relationship. Right?\u003C/p>\u003Cp>And if you go back to the data model, open up the system fields. There you go.\u003C/p>\u003Cp>Speaker 0: Fields. System collection.\u003C/p>\u003Cp>Speaker 1: There you go. Click on direct as users. So these are the system collections. You can't update any of the, like, the default fields, but we should see at the very bottom of this, you should see an agency partner ID field. You might wanna unhide that just for fun.\u003C/p>\u003Cp>There you go. Alright. So we've got the relationship now. Now we can actually use that to restrict permissions. That make sense?\u003C/p>\u003Cp>Speaker 0: Yep.\u003C/p>\u003Cp>Speaker 1: Got it? Alright. So we're gonna go back to access control, and we'll we'll just do, like, the part agency partner admin for now because we that's the user that we've got. Alright. So down the bottom, you got scroll up to where you got the actual permissions.\u003C/p>\u003Cp>There you go. Alright. So agency partners, all these are gonna be custom permissions. Right? So change this from all to custom for read.\u003C/p>\u003Cp>Right? We only want them to be able to see their own agency.\u003C/p>\u003Cp>Speaker 0: The admin?\u003C/p>\u003Cp>Speaker 1: Right. K. So Alright. So for item permissions there oh, go back.\u003C/p>\u003Cp>Speaker 0: So for here\u003C/p>\u003Cp>Speaker 1: Yep. View. Go to use custom. Yeah. Alright.\u003C/p>\u003Cp>So for item permissions, we're gonna add a filter for this. Right? And the filter is gonna be the ID. So the agency partner ID, right, is equal to we're gonna use a little bit of Directus magic here. You're gonna type in dollar sign, all caps, current_user.\u003C/p>\u003Cp>So that's gonna give us the current user that's logged in. Right? We can use the related fields that are attached to that user in our filter here. So we're gonna do current underscore user dot agency underscore, you gotta get now we're going back all lowercase. There you go.\u003C/p>\u003Cp>Partner\u003C/p>\u003Cp>Speaker 0: underscore\u003C/p>\u003Cp>Speaker 1: underscore ID. Right? That's the field that we set up on that particular on the direct us users collection. So now what we've just said is basically, hey. I can only read the agency partner's collection, like, the items within that collection that that equal this rule, which is only gonna be 1.\u003C/p>\u003Cp>Right?\u003C/p>\u003Cp>Speaker 0: Okay.\u003C/p>\u003Cp>Speaker 1: Makes sense? Now what you're gonna do, click, click the drop down. Well, hover over rule or just the actual heading. Let me give you a shortcut. Yeah.\u003C/p>\u003Cp>Or it it says rule right up above that. Click that. Click copy raw value. Mhmm. Save this.\u003C/p>\u003Cp>And then go to the edit permissions for that agency partners Mhmm. And click use custom, and paste that there for the item permissions here. Say okay. So now we can only see our own agencies that we're a part of. We can only edit our own agency.\u003C/p>\u003Cp>Now we have to go through and do something similar for projects. Right? Because I I shouldn't be able to edit some other agency's project.\u003C/p>\u003Cp>Speaker 0: Right.\u003C/p>\u003Cp>Speaker 1: So I can create projects. When when I go to custom here and instead of there's no item permissions for creating an item because there's we're creating an item. The item doesn't exist yet. We can't filter by it. But what we're gonna do for the presets, in this case, we're gonna give it a preset.\u003C/p>\u003Cp>And the preset we're gonna do here, you're gonna do, the mustache brackets so we get some JSON. Okay. And within that, you're gonna create a new field. There you go. What do we hit enter.\u003C/p>\u003Cp>Mhmm. And what are we gonna do here? Agency okay. So the if we're in the project trying to think of the field. What did we call the field relating back?\u003C/p>\u003Cp>Partner. Okay. So you're gonna put partner in quotation marks. K. Colon.\u003C/p>\u003Cp>There you go. Colon. Quotation mark. 2 left mustache brackets, dollar sign current, Whoop. That's a hash.\u003C/p>\u003Cp>Current. Underscore user dot what? Agency underscore partner underscore ID. And then you're gonna close that mustache syntax and hit the quotation mark. Alright.\u003C/p>\u003Cp>So what that's gonna do, whenever this user within this role creates a new project, it's gonna default the partner value to that specific field or to the agency partner ID that's attached to that user. So whenever they create a project, it's always gonna be scoped to that specific agency.\u003C/p>\u003Cp>Speaker 0: Gotcha. Okay. That makes sense.\u003C/p>\u003Cp>Speaker 1: Cool. So now you hit save.\u003C/p>\u003Cp>Speaker 0: Should I oh, no. Because this is on creation. So\u003C/p>\u003Cp>Speaker 1: Yep. And then so within that go back down. And then we're gonna apply custom permissions for the other items here. Right? Mhmm.\u003C/p>\u003Cp>So the rule here is not gonna be ID because now we're inside the project. Right? We're not inside the partner anymore. So it's gonna be the partner dot ID. So there you go.\u003C/p>\u003Cp>Expand that. Partner dot ID. Yeah. But it's gonna be the same value. Dollar sign current underscore user dot agency_partner.i oh, not dotid_id.\u003C/p>\u003Cp>Yeah. You got it right. Alright. And now you can copy that, and you can apply it to all the other ones.\u003C/p>\u003Cp>Speaker 0: This is something that's so for as I paste this, that, like, custom type of filter and and building the presets and things like that. Like, that's that's high level stuff. Like, like, the doc, would the docs be the best place to learn things like that, for somebody\u003C/p>\u003Cp>Speaker 1: Yeah. There's a good primer on the on roles and permissions within docs. So hover over role. There you go. Paste.\u003C/p>\u003Cp>But the the docs are certainly good. There's a couple of great guides on it as well. But all those variables that are available are documented there. Right?\u003C/p>\u003Cp>Speaker 0: Yeah. And they should only be able to share their own things. There you go. Now Alright. So files or\u003C/p>\u003Cp>Speaker 1: So for project files, that's a junction collection. We could go in and, like, scope that as well. It probably not necessary for for this episode.\u003C/p>\u003Cp>Speaker 0: No. We can do that.\u003C/p>\u003Cp>Speaker 1: Because, basically, what that project files collection is is just a, like, a pointer to a direct to file and a pointer to a project. There's nothing else that's being stored in there.\u003C/p>\u003Cp>Speaker 0: Okay.\u003C/p>\u003Cp>Speaker 1: Now the other thing that we're probably gonna want to adjust, and there's there's a couple ways we could get this done, is the file access. Right? We don't want them to be able to access all of our files.\u003C/p>\u003Cp>Speaker 0: Mhmm.\u003C/p>\u003Cp>Speaker 1: We don't want them to be able to delete our files. You know, we probably trying to think of the best way to scope this where you get tied to a specific user who has the same partner. Like, I could see only the files that we've uploaded into the system.\u003C/p>\u003Cp>Speaker 0: So the Does\u003C/p>\u003Cp>Speaker 1: that make sense?\u003C/p>\u003Cp>Speaker 0: You're thinking of doing it tied to the main admin user, or would it be like a\u003C/p>\u003Cp>Speaker 1: So each each user who is logged in is gonna have like, if they're part of this agency partner program, they're gonna have to be tied to a specific agency. Right? We should be able to go through that relationship and just show all of the files that were uploaded by members of that agency. I'm thinking we should be able to do that. This gets a little deeper into, like, the nesting, but, a couple things that I would do here.\u003C/p>\u003Cp>Right? Like, the the other option is to do something like a folder or, you know, add we could go in and modify the Directus files collection to have a relationship to the actual agency. And then whenever a file gets created, we add the agency relationship to that specific file. So there's multiple ways we could achieve it. I'm trying to think of the the easiest one to do for for this one.\u003C/p>\u003Cp>Speaker 0: Here's a question. Should we make a part 3 where we focus on kind of the system collections and how they interact with, like, the role based access control stuff.\u003C/p>\u003Cp>Speaker 1: Where are we at time wise?\u003C/p>\u003Cp>Speaker 0: We're coming up on about an hour. So may I mean, that seems like a good part through to me, because it sounds like it's gonna be a little bit more in the weeds on kind of structuring this out on the more of the back less of the partner directory itself, so more of, like, how Directus interacts with specific roles and and things like that. So, if you think it's quick fix, quick solution, I'm up for it. But\u003C/p>\u003Cp>Speaker 1: Hey. Let's log in and test this out. Hey. Let's test what we've got so far Alright. And see see how that's working.\u003C/p>\u003Cp>Right? So at at this point, like, actually, do one more thing for me. Go to the system collections, and we wanna restrict access to the insights. Right? So if you go into Directus dashboards\u003C/p>\u003Cp>Speaker 0: Directus dashboards here.\u003C/p>\u003Cp>Speaker 1: Just set that to none. So there's a shortcut over there. Right? Go to Directus panels.\u003C/p>\u003Cp>Speaker 0: Panels.\u003C/p>\u003Cp>Speaker 1: Set that to none. Mhmm. There you go. Alright. So that should limit any of the actual folks from seeing any of the inside spales.\u003C/p>\u003Cp>Speaker 0: Great. Okay.\u003C/p>\u003Cp>Speaker 1: Oh, and then the other thing that we wanna do here, where this is the agency partner role, So where it says direct as\u003C/p>\u003Cp>Speaker 0: roles Mhmm.\u003C/p>\u003Cp>Speaker 1: We let's change that. So add a custom permission for that.\u003C/p>\u003Cp>Speaker 0: For which one?\u003C/p>\u003Cp>Speaker 1: For the the read.\u003C/p>\u003Cp>Speaker 0: Read. Use custom.\u003C/p>\u003Cp>Speaker 1: Alright. So for the role here, we want to, what roles do we wanna see? The roles of the item yeah. So there's a oh, okay. I think it's actually already set in it.\u003C/p>\u003Cp>ID equals current rule. Follow automatically applied when okay. So I think that should be good then.\u003C/p>\u003Cp>Speaker 0: Okay. So they'll only be able to see because we should they should only be able to see in the in the admin of, like, users. It should just be their agency users. Yeah.\u003C/p>\u003Cp>Speaker 1: Right. No. So what we need to do there is we just need to add a condition to the direct as users collection instead of the role. So go ahead and close this. Scroll down to direct as users, and the read there is the one that we're gonna update.\u003C/p>\u003Cp>Speaker 0: Okay.\u003C/p>\u003Cp>Speaker 1: Alright. So the yeah. It's gonna be the agency partner. You should be able to search for it. Agency partner ID.\u003C/p>\u003Cp>Yep. There you go. Equals current, dollar sign. Right? Current underscore user.\u003C/p>\u003Cp>Yeah. Dot agency_partner.id. Great. Alright. So now let's log in.\u003C/p>\u003Cp>We'll worry about files later. We're gonna open up that other browser, whatever you had. Now hit refresh.\u003C/p>\u003Cp>Speaker 0: And any other agency projects or partners.\u003C/p>\u003Cp>Speaker 1: And you shouldn't be able to see any projects either because we don't have any Yeah. Yeah. We don't have any projects, but as far as the user directory, I shouldn't see any other users either.\u003C/p>\u003Cp>Speaker 0: I see myself.\u003C/p>\u003Cp>Speaker 1: Yeah. And and, again, like, we could go in and restrict that list of roles, I guess. You know, not particularly sensitive, but, you know, we could restrict that to just the agency partner roles if we wanted to. You know, files, they're still gonna be able to see all files. But what I'm gonna do behind the scenes here, we don't have this relationship between your fake user and the project or the agency.\u003C/p>\u003Cp>Right? So that's why you're not seeing any projects. Maybe you wanna pull the admin back up. That way we could just show everybody, I guess. Mhmm.\u003C/p>\u003Cp>Alright. So go to your user's directory. Here. In the the module bar. So, like, the actual user's directory.\u003C/p>\u003Cp>There you go. Alright. Find your fake person. And I don't want any scrubs on my team, so it could be in your agency.\u003C/p>\u003Cp>Speaker 0: Don't want no scrubs.\u003C/p>\u003Cp>Speaker 1: Agency So the agency partner ID, yeah, you could put them in your agency, and hit save. So now you've added that user to that agency, and that user has the appropriate role. They've got a partner ID that's linked. If you log in as that user now, if you switch back to that incognito window and hit refresh Mhmm. We should see, like, on the agency partner side of it, should see your agency.\u003C/p>\u003Cp>And, like, if you click into it, should have the ability to edit that as well. Wonderful.\u003C/p>\u003Cp>Speaker 0: It's just okay. Yeah. Just okay. Oh, cool. So, and then here we could instead of, you know, a table layout, I could do map.\u003C/p>\u003Cp>And wherever the country is, maybe that shows up here.\u003C/p>\u003Cp>Speaker 1: Very cool. There you go. So now within that, right, we could go in and like, you could go in and flesh out all of your projects if you wanted to.\u003C/p>\u003Cp>Speaker 0: Yeah. And then they would all automatically be associated just with that single agency because that's what the person's Correct. Fantastic.\u003C/p>\u003Cp>Speaker 1: Yeah. So as far as, like, the the next steps, right, would be a figure out I I I at this point, I don't think we fully understand how we wanna scope, like, the file library because, yeah, I would think that it it would be helpful for agency partners to have access to, like, all the brand assets.\u003C/p>\u003Cp>Speaker 0: Right.\u003C/p>\u003Cp>Speaker 1: Right? There's there's certain internal files we wanna give them access to, but, you know, there's probably some private things that we wouldn't want them to have access to. So it it would make sense to do it on a combination of maybe, like, folder structure and files that they've uploaded as well. Like, any of the files that we've uploaded, they can't change. They could read those files.\u003C/p>\u003Cp>They could download them. They can't delete or edit. But files that they've uploaded, you know, maybe they've got the ability to edit or replace those.\u003C/p>\u003Cp>Speaker 0: That's a great point. That brand kit. Alright. Awesome. Well, episode 2, part 2.\u003C/p>\u003Cp>I feel like we've covered a lot of good ground here. Part 1, we got the actual data model set up. Part 2, we got the roles and access. Next part, part 3, we'll talk about how to share specific internal assets, how they can upload assets, and only access the things that they need within a direct instance test.\u003C/p>","Everybody, welcome back to the part 2 of Technically, I'm Lost, t I l. As, again, you're probably joining us from the last episode. I'm Matt, and this is Bryant. Put a little French spin on it today. If you've watched part 1, if are we gonna did I just cut you off? I no. No. It's okay. I was gonna say do I look French to you? But We'll have to ask, Alex Chopin, our director of engineering from France. I digress. But yeah. So if you watched part 1, if you haven't, you're probably confused. We suggest you go watch part 1, because this is part 2 of part 1. But, part 1, we are building a partner directory for us to use with our current partners. In that first episode, we planned out, how it was all gonna look, and we built out the form, which I can actually pull up my screen here and show you kind of how far we've gotten along. So, we I will say I, with the help of Bryant, me being a nontechnical person, learning directors for the first time, set up, this initial form in here. So we were able to set up, you know, point of contact, some information about the actual agency themselves, what they specialize in, with the drop down, partner logos, and we had, these projects, here as well as as this. So the general idea just to catch you up, is we wanna create a partner directory on the director's website for our partners, and this is the back end to get that whole thing running. So where we left off last time, Brian, do you remember? Yeah. Yeah. Kind of. No. I I think what we need to do now, Daniel, like, we've got our agency partner collection configured. That's looking nice. We need to go through and create the actual projects that we want them to add. So what's a data model look like for that? And then we need to scope a role for our partners. So, they can only edit their content and only, like, the agency partners and the project's collections. Great. Okay. So let's start with that part 1. So the projects, to give you a little background on how we're thinking about this. So when somebody comes to, you know, direct style slash partners, they'll filter down on country and specialization. By then, they'll find an agency they like. They click on them, and then that page will have a showcase of the projects that that agency has done with Directus. So we'll need to create that collection, as you mentioned. What's a good starting point for this? Is it just diving in? Is it a little bit of planning your strategic approach to this? Or what do you think? I I mean, I I think at a high level, you wanna know what what goes on a project or or, like, what form feels, like, what are we gonna display when you click into a project. Mhmm. You know, if I'm imagining it, like, you've got an agency page where you're you're surfacing all these projects, maybe, like do we have an extra page for each project as well? So I can I'm on the agency page. I see a list of their recent projects. I click in the project, and I get, like, a a mini case study type of thing, or we're gonna show those in a model, like, a pop up window. How what do we we wanna do there? I think it would be good to have a page. I like what you said about, like, a mini case study page. So maybe we'll have, like, the a scroller here of, like, they can go back and forth for, like, images of the actual website. And then I don't like it. You don't like it? I I want a grid. I don't like it. Give me a grid of projects. A grid. Wait for the individual project. Oh, no. No. No. For the individual projects, I I'm thinking well, you got, like, an image gallery. I I'm thinking like a grid still. Big grid guy. Yeah. Let me I'm gonna share. I'm gonna share a link. Let me share. This is, again, this is the agent c OS link. So this is a sample starter kit project that that I put together, to showcase what you could do with Directus. Let me I guess I could put it in the chat here instead of our team comps. Alright. Let me pull this up over here. This is not a a like, the text doesn't really jive here, but, you know, you've got, like, a a title for the project. You got, like, a summary, then you have some content, and then you have an image gallery that, you know, if you click on one of those images, then you could cycle through. Wow. Instead of, like, a instead of a carousel on the actual page, show a grid. And then you have some metadata, like, hey. What's the client? What's it built with? What's the cost? I I don't know if we wanna probably omit that for this. You know? Would be nice to show, like, what it was built with. Those could just be, like, tags. So this is kinda what I'm envisioning. You know, the the header there is probably not it doesn't really jive with, like, the direct as brand guidelines. So we'd probably do something different. But, you know, I I think at a high level, you got a title, a short summary of the project. You've got a featured image for the project. You have some content, in case they wanna expand or go into as much detail as they want to. And then there's probably, like, the the content would probably be, like, text. Right? Mhmm. And then the yeah. And then you could have, like, a separate gallery if you wanted to. Separate gallery. And then, you know, like, some tags for what it was built with, like front end type of stuff, I guess. Like, hey. Is it built with Next? Is it built with Next? I I don't know. I don't know if that's necessary either. Okay. I like this. So, yeah, so we would create a collection with these different items inside of Directus. Last time, if you can refresh my memory, when we created the projects here, this was a one to mini or a mini to 1? So it depends on where you're at. Right? Those are 2 inverse relationships. If you are a for this example, if we're on the agency partner, projects would be a one to many relationship because I've got one agency, many projects. But if I'm inside projects, it's the reverse. Right? I've got, one project or, actually, I'm sorry. Is it many projects to one agency, basically. Yeah. That makes sense. Like a project can only have belong to a single agency is what I'm trying to say. That makes sense. So we'd have this is the one to many from the agency side. So if we go here, this would be the many to 1. Yep. So what you're gonna have to do here is go into our data model for projects because we we didn't add any fields for that. Mhmm. Where is our here. So from the agency side, if if I click here, this will take me automatically there. It's over here. Great. So just like we did last time, you know, obviously, going through, filling out these fields. Title, I assume, would be just a standard input field. Title, String. There you go. I mean, required, obviously. Project title, let's see. The name of the client, input project client. And, again, I would probably just do, like, client name. Right? Because there's, like, where else are you using client name? You're not. Naming conventions. I'm about to get open that can of worms. So short summary. Would you use an input field, or would you use a text area field? Or Text area for sure. No wysiwyg. I don't wanna deal with rendering HTML or, stripping out HTML. I I just want, like, a short description to display on a card or in a heading. And if I'm gonna add a placeholder here, I will do it in the placeholder field. Yeah. You've also got the help field or the the note field, I think, is is what it is as well. Like, the placeholder is gonna be it's gonna disappear as soon as they start typing. Right? The if you go to the field tab when you create 1, you got some helper text that you can add. Okay. Okay. So here, we are creating the main image versus the gallery of images that they could just, like, see. So Yeah. There there's 2 ways you could you could do that. Right? You could just have an image gallery and use the first item in the gallery as, like, the featured image. It's kinda a matter of personal preference. Usually, I like to be more explicit. And because of the way that Directus, like, queries the data and, like, if I'm showing a list of projects, I I can create it or treat it my gosh. I came to talk today. You could treat it like GraphQL, and I could tell it specifically the fields that I want. So, you know, on the index page where we're showing a list of projects, I can just grab the featured image and not worry about the image gallery. So that's that's probably why I would do 2 separate fields for those. So you might have, like, a, like, a featured image field and then, like, an image gallery or gallery, whatever you wanna call it. This is just a single image that you're gonna use across the site. Featured No. No. No. No. What did you do? I created a featured It's not just messing with you. No. You don't need your Oh, Don't be doing that today. Oh, man. Got my heart rate up. So next part, if we're doing a showcase or gallery, I assume files based on the image here. Yep. Definitely. And then showcase. Bro, call it image gallery or a gallery. I was gonna call it a project showcase. I feel like we're going to The Price is Right if we're, like, doing showcase. Okay. So I don't know if we want this required because as long as they have the the Yeah. You don't necessarily have to add an image gallery. Cool. So what else what else here? That's it. Really? Alright. Now you're also gonna want what else do we have? We had the we had, like, the built with tags. That's gonna be yeah. You can use the tag interface for that. It'd be fine. Built with JSON. There you go. And in this case, you're gonna, like, do allow other values. You could also add some presets to this if you wanted to. I'll add a few where people can just choose those. There you go. There you go. Allow other values. So when they type in, it'll add it. So that'll be a continually growing list. Big fan. So for. You could force alphabetical order if you wanted to. Way to standardize. If not, you could have, you know, potentially, like, next being shown in a separate place. Mhmm. Also, just to clarify, that's not my stomach growling. That is this squirrel that I have on my lap. Dog is protecting the house. Love it. Oh, it's not protecting the house. It's it's being a pain in the butt. Tiny dogs, what do you do? Would you force, like, capitalization and and white space and all that sort of stuff? It doesn't matter. I don't know that I would just because, like, some of these well, I'm trying to think of a a good example of, like, a framework that prefers lowercase. I can't really think of any. Like, the white space, you might you know, like, white space, I would definitely, like, trim the white space, like, the the beginning and end, just so you remove white space. There you go. That way, there's, like, no extra, like, the space that's that's big, like breaking formatting or anything like that. Cool. Alright. Awesome. Anything else I should consider here, in advanced field creation mode? Or Nah. I wouldn't worry about it. Great. So I feel like we're good there. I think the next thing we were looking for. Oh, the main content, which would be text area again. Yeah. No. WYSIWYG. This, we're gonna give them formatting options. Why is it why is it main content? Not just content. Because it's different from the short summary. Long But that's already it's already a different field, my man. Alright. Content it is. Good here? I'm good. I'm good. My dog is not good. This This data model is good, though. Alright. Feels good. I might actually go and make this content required. At least I have to share something about it. Great. So our mini to 1 is now done. Yeah. I guess we could go here. Let's say we're going to start a new project. Everything looks good. Yeah. Yeah. Amazing. Alright. So we have our partners. We have our one to many connection to the projects, then we've got the many to one back to the partners. So feel good about these 2 collections. Now it's about actioning the actual, role based permission control. So when somebody signs up on the agency side, they're gonna have to go in and be able to add these projects. Maybe invite somebody to add these projects, invite members of the other team if they have to update, agency information. Let's dive into role based access control. RBAC, direct us off. This is my first time ever using this, so it should be interesting. Oh, okay. Alright. So what do you think you know? What do I think I know? I see this big plus, and then that's what I think I know is I click this to create something. Yeah. That would be a a user. But as far as, like, what we're trying to achieve, like, what's it what what is your current plan of attack in your mind? And then we'll, like, course correct. Alright. Current plane of attack is and I will visualize this. So we're gonna get a partner in, and that's this little circle. This is a partner that fills out our partner request form. They go through the process. Once they have become a partner, via our partner manager, then that is when Are are you supposed to be showing something on the screen? All I see is the user directory. Yes. Yes. I am. Here we go. Okay. Alright. Yeah. Now, we're seeing the circles. Okay. Yeah. Yeah. You missed my circles. Alright. But these these are the phases. Right? So, actually, this is going to be, there's no preset yellow, of course. So I'll use orange. Initial come in, person fills out the form. They are vetted, become a partner, and then at this point is when we would send the send invite to partner directory. Send them here, and then once they fill that out, then they'd be officially a partner as part of that ecosystem. Okay. These circles are super misshapen. So at that point I think that's an oval. Yeah. It's definitely an oval. This is gonna be main oh my gosh. This is crazy. Main agency contact. They would fill fill out that part that we built. And then at this point, they can invite their own team. And I think that's it. So we'd have to figure out a role for this person? Because they're coming in cold, so they have to be able to log in. I think we'll provide them a username and a password they can change. Yep. And then we'll have to figure out a role for this person who doesn't necessarily have the ability to change the point of contact information, but just has access to a few fields in that collection, to update the agency information if they need to. Okay. So we've got a admin at the agency, and then we have, like, a a team member at the agency Yep. Kind of set up. Exactly. So 2 two roles, I think. Okay. Now can a person be a part of multiple agencies? I don't think so. I think that's too too much. Too much. Too much. I'm trying to think of any scenario. It seems like a very rare edge case that would be the case and would have to probably be treated on a one to one basis. You could still accommodate that from, like, a using a separate email, basically, I guess. Separate login Maybe. Kind of scenario. This is also the v two of this partner directory, I'd love to build in a thing where, like, an agency partner can go in and request a license or something for, like, a new project that they're building. I'm trying to think that would that would be either the admin or the team member can make that request, but it would be logged to that specific agency. So Yeah. I I think this is good. Good start. Yeah. We'll just scope it down to, like, hey. You can only be a part of 1 agency at a time, which makes sense to me. Okay. Cool. I like it. Alright. So what are you what are you gonna do, man? What are you gonna do? I'm gonna come to access control. I'm gonna click this big purple create role button. The role I create, the naming convention here is gonna be well, you know what? Why don't you tell me? Because I know whatever I put in this little purple Okay. Thank you. So you give me The no. I I would just say, like, agency partner admin or something. Agency partner admin. Not giving them admin access because that would be No. No. No. No. That's just, like, a different thing. Yeah. So app access only. App access only. As a small pardon me. Yep. Alright. So now, this is where things get interesting, because we have our website powered through this, which we've got, like, the blocks. So there's going to be a ton of these in here. And it's we're gonna have to provide the right access to these. Correct. All we need to really give them access to is the agency specific things. Right? Correct. You got it, boss man. Which So yeah. Command f comes in handy here, for sure. We don't have a search in here yet, but I think it's on the docket. You know, feature request would be great if we had the you know, it actually is frozen up here. That's very nice. I was gonna say, wait. If we could freeze that top column. Alright. So what are you gonna do? Like, how do you wanna play this? You you want me to tell you you wanna step through this? No. Let's I wanna think through this because I am looking at this. I haven't really messed with roles before, but, obviously, this is CRUD. You know, create, update, re what's the r for CRUD? Update. The r? Oh, read. Read. Read. Update. Delete. Yeah. So for the agents for the admin, we're gonna want them to be able to create. Are you? Are you are you not just gonna, like, create a partner and then add the user as part of that partner? Like, is this is this is kind of a high touch program. Right? Yeah. So we would create the agency partner, get the send them the login information. So it would already be created, so they don't need access to create, plus they might go and create stuff that they shouldn't. Yeah. In this case, like, the only thing that they need to be able to do is read their own edit their own. We're not gonna let them delete. We're going to let them create, edit projects. They should be able to delete projects too. Right? Yeah. I was I would allow them to delete their own projects out of the system, but maybe not if it's published. Right? So as long as it's not published, you could delete it. If it is if it's already been published, like, we gotta go through some kind of flow so you're not breaking website. So this would be custom. Yeah. We don't have a field for we didn't add a field for the status of a project. Hey. Like, is this draft or published or not? Alright. Yeah. Add that to the to do list. Alright. And then project files would be the same where you can add project files as you can. Because this is this is just the image gallery. Right? So you need to be able to delete those as well. So question. We have the share functionality, which barely gets used, admittedly, because I think there's a little bit of confusion around, like, what it actually allows for. So in this scenario of sharing a collection, would it be useful for them to share with the non, like, the non admin users That works. So if we're gonna keep everybody contained inside, we probably wouldn't use share. We would just give them access. But but, like, say that somebody did not have user access and you wanted to share something with them, you could do that through the share functionality of, like, hey. I wanna share this one specific piece of content with someone, that's not a part of the Directus application. Okay. So this makes sense. So I think for if they're if they're putting in one of those projects in the showcase and they wanna share it with, like, the client and be like, hey. We wrote this little mini study, like, or case study about the project we did with you. Can you confirm it? Would that be a good application for this? Yeah. You could potentially do that. Alright. Like, if you if you wanted to see it before you go live yeah. Hey. Hey. Well, the other rub is, like, if you're rendering this on the front end, they're probably gonna wanna see the front end as well. So, you know, that kinda goes into, like, a live preview mode on the front end. But just to see the actual content to get approval, you could certainly add share access for this. And we would do that at the project? Project level. Yeah. Cool. Yeah. This feels good so far. Okay. Saves automatically. So Yeah. Alright. Agency So so what's next? I'm gonna create the other role just so it's Okay. Alright. Agency, partner. Boy. Not the admin. Team role. That's it. Team. Just team. Just team. It's already a role. Oh, man. Cracked me up. Alright. So here, they're not going to have access to ad. They'll have access to c, but we don't want them to have access to edit it because that'll be from the admin. No. Actually, we do, because can we use a custom permission here, so where they can't see the proof of the point of contact and, like, edit that? Yeah. You certainly can. So It would be within the field permissions. Field permissions. So here's the here's the fields that they can update. So you're going to hit show more there so you can see the rest of them. Mhmm. Alright. So check everything except for point of contact group because everything that's within that group. That's a great question. Yeah. Let's try it and see. Okay. I I I I think it will just be I I think you'll still have to do contact first name, last name, email. Or well, you don't want them to edit that. I'm sorry. Yeah. Leave that unchecked. Yeah. Printer name. Divider. Country. Partners. Work description, specialization, logo, team size, projects. Alright. So now they have, custom access to that, if that makes sense. Yep. They're gonna need access to projects, so they can add projects, update projects. Don't want them to be able to delete. We wanna leave that to the admin. And project files, add, see, and edit. Yeah. I think this makes sense for v one rule. And if we need to update it later, we can. It's the beauty of automatically saving. Okay. Cool. Cool. Good with these 2. Now the tricky part is alright. What's what is the what is what's the tricky part? The tricky part is whenever we create, when we manually create an agency partner inside of this, we have to create their contact information for that that point of contact. So, like, user directory, we can see here. We can create a user within here. So we fill out, like, their first name, last name, email, password. Interesting we have company info already baked in here. So Yeah. That is, that's interesting. I think that is a factor of the docs. Okay. No. This is good. Okay. So if we were to create a fake person here, fake person, and I'll just add in my email. We'll have to blur these so they don't pop up. I'd I'd hopefully will be deleting fake person later. And you're gonna have to change your email address because you're already I'm already a member here. You're already in in the system. Auto pop are you seeing my auto Yeah. It looks like it's, spazzing out a little bit there. Yeah. I don't know if you see, like, the pop up where it's, like, all of the things I've pre filled. No. No. I don't see the pop up. Alright. It has to do with your sharing settings, I'm sure. Gotcha. Well, that's good because there's some private info in here. So I'm gonna use a personal Gmail here. I'm not worried about that. I'm not worried about any of that. I just wanted to create the fake person stuff. So Okay. Here. I will save. Save. And then for this, I'll go check my email. Did you did you create a password for them? You can also just open up an incognito window and log in. So, like, if you do the if you invite them versus so there's a there's 2 ways. Right? You can invite a user, or you can create a user. So what you did was created a user. They're already in the system. They should already have access. Yes. If you send an invite. Alright. So we're in. As an admin, I have access to, these things. I see you just added a agency I added some agency partners for you. Thank you. So if I were to look at yours, I see your name, your agency, your mug, team size, specializations. Looks good to me. There's my mug. What's the problem here, bro? Problem is you have access to all of our files and our user directory of other team members. And we want to scope that down. Additionally, you have access to our insights, which shouldn't have access to that. So we have to limit access to parts of the app from the admin. And what else? And And then, and then, alright. Can you edit my agency? I can edit your agency. That's right. That is right. I'm I'm not saying, like, that would be in a potential issue. Like, we've got a a great list of community members, but Oh, man. Probably not good if you can update somebody else's agency information. If I had other agencies in the US that were in my territory, I'd be editing, like, this agency sucks. Alright. So how do we fix it? So we're gonna go back, step 1, to our normal back enroll right here. I think what we do here, access control, printer admin. There's a step that comes before this. I don't know what the step is. That's why I brought you. So you need, if if you're gonna restrict to a certain agency partner. Right? You got a user. You got an agency partner. You need an arrow between the 2. If we're looking at, like, a your diagram of your your circles. You gotta have a relationship between the 2 to be able to filter permissions based on it. Right? Right. Alright. Right. I think. It's early. I'm having trouble conceptualizing this. So Okay. So, basically, we have to create a relationship between the user and the agency partner. Who's the user in this scenario? The the person who's logging in to update the actual information. The the team member? Like, the team The team member or the admin role. Right? They're still logging in to direct us. Gotcha. What would be that step? Alright. So you're gonna go to your data model. Going to the data model. Alright. Sorry. That's where we're gonna create the relationship. You're gonna go to your partners collection. Agency partners. Alright. And we're gonna create a relationship here. We're gonna create a relationship here. I don't know. We're gonna create a relationship here. Yeah. Where does, where do you create a relationship at? I have no idea. Right there, man. Where? Here? Create It has a field. Create a field. Yep. Alright. So you tell me what the relationship is gonna be. This is stringing into territory. Get, like, the, like, the jeopardy timer up? Yeah. Like, the final jeopardy question? This is where I'm not sure. Because when I think of a collection, I think of a form, like fields. And the admin here is gonna be creating a mini to 1. Right? Because it'll be multiple team members associated to one agency. Correct. They will create that via a form, or it's not just, like, automatically So we've gotta create the relationship first, and then you can have it automatically populate the information Okay. When users get created. So from the agency partner's perspective, it's gonna be many to 1 because on the other side is the team member that's a one. Now wait. That's it. No. No. No. If you've got if you've got multiple people that are part of the same agency, it is a The agency to many because a user belongs to one agency. The agency could have many users. Gotcha. So here, you're gonna pick the one to one to many option. Okay. One to many. There you go. This is gonna be the admin is the one that's filling this out. So they're gonna be building they're gonna invite team members. User. You're gonna call it user. Yeah. Or servers. Users, plural. There you go. Users. Alright. The related collection is going to be directus_users. That is a system collection. That's why it's prefixed with directus. Yeah. And then for the foreign key, that's gonna be the field that holds the agency partner ID inside the Directus users table or the directus users collection. So that would probably be agency partner or agency partner ID. Is that something that's built already? No. You don't have to build it, though. If you key it in and it doesn't exist, Directus will create it for you. No. Agency partner ID. There you go. Okay. Alright. Doesn't really matter if we show these in a list or a table. Solid. Do we wanna show a link to the user? Probably. Yeah. And we're gonna dismiss. Not sure why that error shows up. But now we have created a relationship. Right? And if you go back to the data model, open up the system fields. There you go. Fields. System collection. There you go. Click on direct as users. So these are the system collections. You can't update any of the, like, the default fields, but we should see at the very bottom of this, you should see an agency partner ID field. You might wanna unhide that just for fun. There you go. Alright. So we've got the relationship now. Now we can actually use that to restrict permissions. That make sense? Yep. Got it? Alright. So we're gonna go back to access control, and we'll we'll just do, like, the part agency partner admin for now because we that's the user that we've got. Alright. So down the bottom, you got scroll up to where you got the actual permissions. There you go. Alright. So agency partners, all these are gonna be custom permissions. Right? So change this from all to custom for read. Right? We only want them to be able to see their own agency. The admin? Right. K. So Alright. So for item permissions there oh, go back. So for here Yep. View. Go to use custom. Yeah. Alright. So for item permissions, we're gonna add a filter for this. Right? And the filter is gonna be the ID. So the agency partner ID, right, is equal to we're gonna use a little bit of Directus magic here. You're gonna type in dollar sign, all caps, current_user. So that's gonna give us the current user that's logged in. Right? We can use the related fields that are attached to that user in our filter here. So we're gonna do current underscore user dot agency underscore, you gotta get now we're going back all lowercase. There you go. Partner underscore underscore ID. Right? That's the field that we set up on that particular on the direct us users collection. So now what we've just said is basically, hey. I can only read the agency partner's collection, like, the items within that collection that that equal this rule, which is only gonna be 1. Right? Okay. Makes sense? Now what you're gonna do, click, click the drop down. Well, hover over rule or just the actual heading. Let me give you a shortcut. Yeah. Or it it says rule right up above that. Click that. Click copy raw value. Mhmm. Save this. And then go to the edit permissions for that agency partners Mhmm. And click use custom, and paste that there for the item permissions here. Say okay. So now we can only see our own agencies that we're a part of. We can only edit our own agency. Now we have to go through and do something similar for projects. Right? Because I I shouldn't be able to edit some other agency's project. Right. So I can create projects. When when I go to custom here and instead of there's no item permissions for creating an item because there's we're creating an item. The item doesn't exist yet. We can't filter by it. But what we're gonna do for the presets, in this case, we're gonna give it a preset. And the preset we're gonna do here, you're gonna do, the mustache brackets so we get some JSON. Okay. And within that, you're gonna create a new field. There you go. What do we hit enter. Mhmm. And what are we gonna do here? Agency okay. So the if we're in the project trying to think of the field. What did we call the field relating back? Partner. Okay. So you're gonna put partner in quotation marks. K. Colon. There you go. Colon. Quotation mark. 2 left mustache brackets, dollar sign current, Whoop. That's a hash. Current. Underscore user dot what? Agency underscore partner underscore ID. And then you're gonna close that mustache syntax and hit the quotation mark. Alright. So what that's gonna do, whenever this user within this role creates a new project, it's gonna default the partner value to that specific field or to the agency partner ID that's attached to that user. So whenever they create a project, it's always gonna be scoped to that specific agency. Gotcha. Okay. That makes sense. Cool. So now you hit save. Should I oh, no. Because this is on creation. So Yep. And then so within that go back down. And then we're gonna apply custom permissions for the other items here. Right? Mhmm. So the rule here is not gonna be ID because now we're inside the project. Right? We're not inside the partner anymore. So it's gonna be the partner dot ID. So there you go. Expand that. Partner dot ID. Yeah. But it's gonna be the same value. Dollar sign current underscore user dot agency_partner.i oh, not dotid_id. Yeah. You got it right. Alright. And now you can copy that, and you can apply it to all the other ones. This is something that's so for as I paste this, that, like, custom type of filter and and building the presets and things like that. Like, that's that's high level stuff. Like, like, the doc, would the docs be the best place to learn things like that, for somebody Yeah. There's a good primer on the on roles and permissions within docs. So hover over role. There you go. Paste. But the the docs are certainly good. There's a couple of great guides on it as well. But all those variables that are available are documented there. Right? Yeah. And they should only be able to share their own things. There you go. Now Alright. So files or So for project files, that's a junction collection. We could go in and, like, scope that as well. It probably not necessary for for this episode. No. We can do that. Because, basically, what that project files collection is is just a, like, a pointer to a direct to file and a pointer to a project. There's nothing else that's being stored in there. Okay. Now the other thing that we're probably gonna want to adjust, and there's there's a couple ways we could get this done, is the file access. Right? We don't want them to be able to access all of our files. Mhmm. We don't want them to be able to delete our files. You know, we probably trying to think of the best way to scope this where you get tied to a specific user who has the same partner. Like, I could see only the files that we've uploaded into the system. So the Does that make sense? You're thinking of doing it tied to the main admin user, or would it be like a So each each user who is logged in is gonna have like, if they're part of this agency partner program, they're gonna have to be tied to a specific agency. Right? We should be able to go through that relationship and just show all of the files that were uploaded by members of that agency. I'm thinking we should be able to do that. This gets a little deeper into, like, the nesting, but, a couple things that I would do here. Right? Like, the the other option is to do something like a folder or, you know, add we could go in and modify the Directus files collection to have a relationship to the actual agency. And then whenever a file gets created, we add the agency relationship to that specific file. So there's multiple ways we could achieve it. I'm trying to think of the the easiest one to do for for this one. Here's a question. Should we make a part 3 where we focus on kind of the system collections and how they interact with, like, the role based access control stuff. Where are we at time wise? We're coming up on about an hour. So may I mean, that seems like a good part through to me, because it sounds like it's gonna be a little bit more in the weeds on kind of structuring this out on the more of the back less of the partner directory itself, so more of, like, how Directus interacts with specific roles and and things like that. So, if you think it's quick fix, quick solution, I'm up for it. But Hey. Let's log in and test this out. Hey. Let's test what we've got so far Alright. And see see how that's working. Right? So at at this point, like, actually, do one more thing for me. Go to the system collections, and we wanna restrict access to the insights. Right? So if you go into Directus dashboards Directus dashboards here. Just set that to none. So there's a shortcut over there. Right? Go to Directus panels. Panels. Set that to none. Mhmm. There you go. Alright. So that should limit any of the actual folks from seeing any of the inside spales. Great. Okay. Oh, and then the other thing that we wanna do here, where this is the agency partner role, So where it says direct as roles Mhmm. We let's change that. So add a custom permission for that. For which one? For the the read. Read. Use custom. Alright. So for the role here, we want to, what roles do we wanna see? The roles of the item yeah. So there's a oh, okay. I think it's actually already set in it. ID equals current rule. Follow automatically applied when okay. So I think that should be good then. Okay. So they'll only be able to see because we should they should only be able to see in the in the admin of, like, users. It should just be their agency users. Yeah. Right. No. So what we need to do there is we just need to add a condition to the direct as users collection instead of the role. So go ahead and close this. Scroll down to direct as users, and the read there is the one that we're gonna update. Okay. Alright. So the yeah. It's gonna be the agency partner. You should be able to search for it. Agency partner ID. Yep. There you go. Equals current, dollar sign. Right? Current underscore user. Yeah. Dot agency_partner.id. Great. Alright. So now let's log in. We'll worry about files later. We're gonna open up that other browser, whatever you had. Now hit refresh. And any other agency projects or partners. And you shouldn't be able to see any projects either because we don't have any Yeah. Yeah. We don't have any projects, but as far as the user directory, I shouldn't see any other users either. I see myself. Yeah. And and, again, like, we could go in and restrict that list of roles, I guess. You know, not particularly sensitive, but, you know, we could restrict that to just the agency partner roles if we wanted to. You know, files, they're still gonna be able to see all files. But what I'm gonna do behind the scenes here, we don't have this relationship between your fake user and the project or the agency. Right? So that's why you're not seeing any projects. Maybe you wanna pull the admin back up. That way we could just show everybody, I guess. Mhmm. Alright. So go to your user's directory. Here. In the the module bar. So, like, the actual user's directory. There you go. Alright. Find your fake person. And I don't want any scrubs on my team, so it could be in your agency. Don't want no scrubs. Agency So the agency partner ID, yeah, you could put them in your agency, and hit save. So now you've added that user to that agency, and that user has the appropriate role. They've got a partner ID that's linked. If you log in as that user now, if you switch back to that incognito window and hit refresh Mhmm. We should see, like, on the agency partner side of it, should see your agency. And, like, if you click into it, should have the ability to edit that as well. Wonderful. It's just okay. Yeah. Just okay. Oh, cool. So, and then here we could instead of, you know, a table layout, I could do map. And wherever the country is, maybe that shows up here. Very cool. There you go. So now within that, right, we could go in and like, you could go in and flesh out all of your projects if you wanted to. Yeah. And then they would all automatically be associated just with that single agency because that's what the person's Correct. Fantastic. Yeah. So as far as, like, the the next steps, right, would be a figure out I I I at this point, I don't think we fully understand how we wanna scope, like, the file library because, yeah, I would think that it it would be helpful for agency partners to have access to, like, all the brand assets. Right. Right? There's there's certain internal files we wanna give them access to, but, you know, there's probably some private things that we wouldn't want them to have access to. So it it would make sense to do it on a combination of maybe, like, folder structure and files that they've uploaded as well. Like, any of the files that we've uploaded, they can't change. They could read those files. They could download them. They can't delete or edit. But files that they've uploaded, you know, maybe they've got the ability to edit or replace those. That's a great point. That brand kit. Alright. Awesome. Well, episode 2, part 2. I feel like we've covered a lot of good ground here. Part 1, we got the actual data model set up. Part 2, we got the roles and access. Next part, part 3, we'll talk about how to share specific internal assets, how they can upload assets, and only access the things that they need within a direct instance test.","published",[135,146],{"people_id":136},{"id":137,"first_name":138,"last_name":139,"avatar":140,"bio":141,"links":142},"ca1ac688-ecac-4f25-a4e9-7daf52c8235a","Matt","Minor","b4402ab0-41e4-4fc6-8bf0-769bf39ff114","Director of Demand Generation at Directus",[143],{"url":144,"service":145},"https://directus.io/team/matt-minor","website",{"people_id":147},{"id":148,"first_name":149,"last_name":150,"avatar":151,"bio":152,"links":153},"791e1503-1d88-463d-9347-0b9192933576","Bryant","Gillespie","9013afc8-e8d7-4182-9b18-44db08117bb9","Developer Advocate at Directus",[154,156],{"url":155,"service":145},"https://directus.io/team/bryant-gillespie",{"service":157,"url":158},"github","https://github.com/bryantgillespie",[],{"id":161,"number":162,"year":163,"episodes":164,"show":166},"b507c659-1dcf-4328-adca-5b77aa0eba6f",1,"2024",[165,122],"fb8ecc5d-0e74-4807-b59b-4273ca3424af",{"title":167,"tile":168},"Technically I'm Lost","22981e24-bc02-46bb-99c7-dcb89a176267",{"title":8,"meta_description":8},{"reps":171},[172,228],{"name":173,"sdr":8,"link":174,"countries":175,"states":177},"John Daniels","https://meet.directus.io/meetings/john2144/john-contact-form-meeting",[176],"United States",[178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227],"Michigan","Indiana","Ohio","West Virginia","Kentucky","Virginia","Tennessee","North Carolina","South Carolina","Georgia","Florida","Alabama","Mississippi","New York","MI","IN","OH","WV","KY","VA","TN","NC","SC","GA","FL","AL","MS","NY","Connecticut","CT","Delaware","DE","Maine","ME","Maryland","MD","Massachusetts","MA","New Hampshire","NH","New Jersey","NJ","Pennsylvania","PA","Rhode Island","RI","Vermont","VT","Washington DC","DC",{"name":229,"link":230,"countries":231},"Michelle Riber","https://meetings.hubspot.com/mriber",[232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,209,420,421],"Albania","ALB","Algeria","DZA","Andorra","AND","Angola","AGO","Austria","AUT","Belgium","BEL","Benin","BEN","Bosnia and Herzegovina","BIH","Botswana","BWA","Bulgaria","BGR","Burkina Faso","BFA","Burundi","BDI","Cameroon","CMR","Cape Verde","CPV","Central African Republic","CAF","Chad","TCD","Comoros","COM","Côte d'Ivoire","CIV","Croatia","HRV","Czech Republic","CZE","Democratic Republic of Congo","COD","Denmark","DNK","Djibouti","DJI","Egypt","EGY","Equatorial Guinea","GNQ","Eritrea","ERI","Estonia","EST","Eswatini","SWZ","Ethiopia","ETH","Finland","FIN","France","FRA","Gabon","GAB","Gambia","GMB","Ghana","GHA","Greece","GRC","Guinea","GIN","Guinea-Bissau","GNB","Hungary","HUN","Iceland","ISL","Ireland","IRL","Italy","ITA","Kenya","KEN","Latvia","LVA","Lesotho","LSO","Liberia","LBR","Libya","LBY","Liechtenstein","LIE","Lithuania","LTU","Luxembourg","LUX","Madagascar","MDG","Malawi","MWI","Mali","MLI","Malta","MLT","Mauritania","MRT","Mauritius","MUS","Moldova","MDA","Monaco","MCO","Montenegro","MNE","Morocco","MAR","Mozambique","MOZ","Namibia","NAM","Niger","NER","Nigeria","NGA","North Macedonia","MKD","Norway","NOR","Poland","POL","Portugal","PRT","Republic of Congo","COG","Romania","ROU","Rwanda","RWA","San Marino","SMR","São Tomé and Príncipe","STP","Senegal","SEN","Serbia","SRB","Seychelles","SYC","Sierra Leone","SLE","Slovakia","SVK","Slovenia","SVN","Somalia","SOM","South Africa","ZAF","South Sudan","SSD","Spain","ESP","Sudan","SDN","Sweden","SWE","Tanzania","TZA","Togo","TGO","Tunisia","TUN","Uganda","UGA","United Kingdom","GBR","Vatican City","VAT","Zambia","ZMB","Zimbabwe","ZWE","UK","Germany","Netherlands","Switzerland","CH","NL",1773850426640]