The latest articles on DEV Community by Kacper Zawojski (@zawoj). https://dev.to/zawoj https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F671386%2F752f9683-f4f7-4754-b5d1-5cfd13d99f65.jpg https://dev.to/zawoj en Kacper Zawojski Fri, 26 Jun 2026 09:00:10 +0000 https://dev.to/zawoj/payload-v4-the-mcp-plugin-exposes-your-collections-to-llms-and-its-opt-out-2nlg https://dev.to/zawoj/payload-v4-the-mcp-plugin-exposes-your-collections-to-llms-and-its-opt-out-2nlg <p><code>@payloadcms/plugin-mcp</code> turns your Payload CMS into an MCP server, exposing your collections as tools for LLMs.</p> <p>Heads up for v4: after a refactor, every collection is now exposed with full CRUD <strong>by default</strong>. It's opt-out — you disable individual tools rather than enabling them:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nf">mcpPlugin</span><span class="p">({</span> <span class="na">collections</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// posts is exposed automatically — no entry needed</span> <span class="na">users</span><span class="p">:</span> <span class="p">{</span> <span class="na">tools</span><span class="p">:</span> <span class="p">{</span> <span class="na">create</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">update</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">delete</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">},</span> <span class="c1">// find only</span> <span class="p">},</span> <span class="p">})</span> </code></pre> </div> <p>Custom tools are defined with the <code>defineTool</code> builder, taking input via <code>zod</code> v4:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">tools</span><span class="p">:</span> <span class="p">{</span> <span class="nl">getPostScores</span><span class="p">:</span> <span class="nf">defineTool</span><span class="p">({</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Score recent posts</span><span class="dl">'</span><span class="p">,</span> <span class="na">input</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">object</span><span class="p">({</span> <span class="na">since</span><span class="p">:</span> <span class="nx">z</span><span class="p">.</span><span class="nf">string</span><span class="p">()</span> <span class="p">}),</span> <span class="p">}).</span><span class="nf">handler</span><span class="p">(</span><span class="k">async </span><span class="p">({</span> <span class="nx">input</span><span class="p">,</span> <span class="nx">req</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">content</span><span class="p">:</span> <span class="p">[</span><span class="cm">/* ... */</span><span class="p">]</span> <span class="p">})),</span> <span class="p">}</span> </code></pre> </div> <p>⚠️ The thing to actually do after upgrading: collections you never listed are suddenly reachable through MCP. Review them and disable anything sensitive — an exposed <code>users</code> collection with <code>delete</code> is not a great default to inherit by accident.</p> payload zavcode tellmeicant cms Kacper Zawojski Wed, 24 Jun 2026 09:00:11 +0000 https://dev.to/zawoj/payload-v4-stricter-cron-sloppyranges-is-gone-2cj2 https://dev.to/zawoj/payload-v4-stricter-cron-sloppyranges-is-gone-2cj2 <p>Watch out for this one when upgrading to Payload v4: cron parsing got stricter.</p> <p>After the Croner bump to v10, the <code>sloppyRanges</code> escape hatch is gone. Stepping in a cron expression now has to be syntactically correct, or you get a <code>TypeError</code> at registration time — instead of it being silently ignored:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gd">- cron: '/10 * * * *' // missing prefix — throws </span><span class="gi">+ cron: '*/10 * * * *' </span><span class="err"> </span><span class="gd">- cron: '5/15 * * * *' // numeric prefix — throws </span><span class="gi">+ cron: '5-59/15 * * * *' // explicit range </span></code></pre> </div> <p>This applies everywhere you write a schedule: <code>jobs.autoRun[].cron</code>, <code>schedule.cron</code>, and the <code>--cron</code> flag on the binary. The good news is the failure is loud — a malformed expression that used to quietly never fire now throws on startup, so you find out immediately.</p> payload zavcode tellmeicant cms Kacper Zawojski Mon, 22 Jun 2026 14:59:59 +0000 https://dev.to/zawoj/just-another-app-builder-for-no-code-29i7 https://dev.to/zawoj/just-another-app-builder-for-no-code-29i7 <p>We're launching an app I'm building with my cousin @Jędrzej Zawojski </p> <p>The app is built primarily for no-code, low-code developers and designers. If you keep hearing that your app will eventually fall apart, or that there will come a moment when you won't be able to keep developing it - our app is the answer to that problem.</p> <ul> <li>A set of skills that helps maintain code to the right standard</li> <li>Maintaining skills and memory</li> <li>Built-in git - version history and the ability to create new branches, meaning different variations of your app, all stored locally on your machine</li> <li>A GUI for managing your app - no more burning tokens on restarting, starting, stopping, or committing. Burn tokens on actual development, not on the repetitive stuff developers do from the terminal</li> </ul> <p>We also have a set of starters ready for you. Right now mainly built in Payload, because of my specialization - but many more are coming soon. A starter is a developer-prepared package with a base app, a set of skills, memory, and environment setup, done the way I would set it up myself.</p> <p>Additional features help you maintain and manage your repository properly - the way a developer would.</p> <p>Zero vendor lock-in. Everything works with Claude Code, Codex, and even local models. I'm testing the app on Ollama myself and it works.</p> <p>The official release is coming soon, but if you're interested, message me on LinkedIn to get early access.</p> <h1> TELLMEICANT #JAAB #PAYLOAD </h1> ai webdev programming beginners Kacper Zawojski Mon, 22 Jun 2026 09:00:07 +0000 https://dev.to/zawoj/payload-v4-every-block-gets-its-own-typescript-interface-hashed-on-collision-1dld https://dev.to/zawoj/payload-v4-every-block-gets-its-own-typescript-interface-hashed-on-collision-1dld <p>A nice quality-of-life change in Payload v4's type generation.</p> <p>Previously, a block only got its own TypeScript interface if you set <code>interfaceName</code>. In v4 the name is derived automatically from the slug (PascalCased), and when two different blocks would collide on a name, the second one gets a stable suffix from a content hash — so types never silently overwrite each other:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// slug 'content-block' -&gt; interface ContentBlock</span> <span class="c1">// a colliding block of a different shape -&gt; Hero_3F2A1B0C (deterministic hash)</span> </code></pre> </div> <p>The key word is <em>deterministic</em>: the hash is derived from the block's shape, so regenerating <code>payload-types.ts</code> doesn't churn your diffs. No more "why did half my types get renamed" after a codegen run.</p> payload zavcode tellmeicant cms Kacper Zawojski Sat, 20 Jun 2026 09:00:09 +0000 https://dev.to/zawoj/payload-depth-how-many-relationship-levels-expand-at-runtime-not-in-schema-3a78 https://dev.to/zawoj/payload-depth-how-many-relationship-levels-expand-at-runtime-not-in-schema-3a78 <p><code>depth</code> controls how many levels of relationships Payload expands — and it's a runtime decision, not something baked into your schema.</p> <p>The same document can come back "flat" or with its relationships populated, driven by a single query parameter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// depth: 0 -&gt; author is just an ID</span> <span class="p">{</span> <span class="nl">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="nx">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Hi</span><span class="dl">'</span><span class="p">,</span> <span class="nx">author</span><span class="p">:</span> <span class="dl">'</span><span class="s1">64a...</span><span class="dl">'</span> <span class="p">}</span> <span class="c1">// depth: 1 -&gt; author is a full object</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">1</span><span class="dl">'</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Hi</span><span class="dl">'</span><span class="p">,</span> <span class="na">author</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">64a...</span><span class="dl">'</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Ada</span><span class="dl">'</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">findByID</span><span class="p">({</span> <span class="na">collection</span><span class="p">:</span> <span class="dl">'</span><span class="s1">posts</span><span class="dl">'</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="na">depth</span><span class="p">:</span> <span class="mi">2</span> <span class="p">})</span> </code></pre> </div> <p>And when you want to limit <em>which</em> fields get populated as a document is expanded from another document, reach for <code>defaultPopulate</code> on the collection — so you're not dragging entire heavy documents along for the ride.</p> <p>Tune <code>depth</code> per query and you control your payload size without touching the data model.</p> payload zavcode tellmeicant cms Kacper Zawojski Thu, 18 Jun 2026 09:00:25 +0000 https://dev.to/zawoj/payload-v4-jobs-always-run-at-depth-0-with-no-collection-hooks-113f https://dev.to/zawoj/payload-v4-jobs-always-run-at-depth-0-with-no-collection-hooks-113f <p>A v4 migration gotcha for anyone using Payload's job queue.</p> <p><code>jobs.depth</code> and <code>jobs.runHooks</code> were removed. Tasks now signal their result by throwing — not via a <code>state</code> field, which is gone:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// v3 (no longer works)</span> <span class="kd">const</span> <span class="nx">myTask</span><span class="p">:</span> <span class="nx">TaskHandler</span><span class="o">&lt;</span><span class="dl">'</span><span class="s1">MyTask</span><span class="dl">'</span><span class="o">&gt;</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">input</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">input</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">state</span><span class="p">:</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span><span class="p">,</span> <span class="na">errorMessage</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Missing id</span><span class="dl">'</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">state</span><span class="p">:</span> <span class="dl">'</span><span class="s1">succeeded</span><span class="dl">'</span><span class="p">,</span> <span class="na">output</span><span class="p">:</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// v4</span> <span class="kd">const</span> <span class="nx">myTask</span><span class="p">:</span> <span class="nx">TaskHandler</span><span class="o">&lt;</span><span class="dl">'</span><span class="s1">MyTask</span><span class="dl">'</span><span class="o">&gt;</span> <span class="o">=</span> <span class="k">async </span><span class="p">({</span> <span class="nx">input</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">input</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Missing id</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// throw = fail + retry</span> <span class="k">return</span> <span class="p">{</span> <span class="na">output</span><span class="p">:</span> <span class="p">{</span> <span class="na">ok</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Jobs always run at <code>depth: 0</code> now, which means they operate on raw relationship IDs and skip collection hooks. It's faster and far more predictable — no surprise side effects from a hook firing deep inside a background task.</p> payload zavcode tellmeicant cms Kacper Zawojski Tue, 16 Jun 2026 09:00:26 +0000 https://dev.to/zawoj/payload-local-api-zero-http-but-full-access-control-when-you-want-it-3bdo https://dev.to/zawoj/payload-local-api-zero-http-but-full-access-control-when-you-want-it-3bdo <p><code>payload.find()</code> hits the database directly, in the same process — no HTTP, no fetch. By default it also <em>bypasses</em> access control, on the assumption that server-side code trusts itself.</p> <p>That assumption is exactly where holes appear. In server functions and endpoints that run on behalf of a user, you have to consciously turn enforcement on:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// DANGEROUS — full access, ignores access control</span> <span class="kd">const</span> <span class="nx">docs</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">collection</span><span class="p">:</span> <span class="dl">'</span><span class="s1">posts</span><span class="dl">'</span> <span class="p">})</span> <span class="c1">// SAFE — respects access control for the given user</span> <span class="kd">const</span> <span class="nx">docs</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">payload</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">collection</span><span class="p">:</span> <span class="dl">'</span><span class="s1">posts</span><span class="dl">'</span><span class="p">,</span> <span class="na">overrideAccess</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="p">})</span> </code></pre> </div> <p>The trap is the default: <code>overrideAccess</code> is <code>true</code> unless you say otherwise. Any Local API call that returns data to an end user should pass <code>overrideAccess: false</code> and the <code>user</code>.</p> payload zavcode tellmeicant cms Kacper Zawojski Sun, 14 Jun 2026 09:00:22 +0000 https://dev.to/zawoj/payload-field-hooks-run-per-field-not-per-document-2paf https://dev.to/zawoj/payload-field-hooks-run-per-field-not-per-document-2paf <p>In most CMSs, hooks live on the whole document. In Payload, a hook lives on a specific field and receives that field's context — <code>siblingData</code>, <code>value</code>, <code>operation</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">slug</span><span class="dl">'</span><span class="p">,</span> <span class="kd">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">text</span><span class="dl">'</span><span class="p">,</span> <span class="nx">hooks</span><span class="p">:</span> <span class="p">{</span> <span class="nl">beforeChange</span><span class="p">:</span> <span class="p">[</span> <span class="p">({</span> <span class="nx">value</span><span class="p">,</span> <span class="nx">siblingData</span><span class="p">,</span> <span class="nx">operation</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">operation</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">create</span><span class="dl">'</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">value</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">slugify</span><span class="p">(</span><span class="nx">siblingData</span><span class="p">.</span><span class="nx">title</span><span class="p">)</span> <span class="c1">// compute the slug from a sibling field</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">value</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p>Combine that with <code>virtual: true</code> and you get purely computed fields: the hook produces the value on <code>afterRead</code>, and nothing ever lands in the database.</p> <p>It's a small shift in mental model, but it makes logic local to the data it touches instead of scattered across one giant document-level hook.</p> payload zavcode tellmeicant cms Kacper Zawojski Fri, 12 Jun 2026 09:00:33 +0000 https://dev.to/zawoj/payload-virtual-path-fields-relationship-data-with-zero-extra-columns-3on https://dev.to/zawoj/payload-virtual-path-fields-relationship-data-with-zero-extra-columns-3on <p>Any field in Payload can be marked <code>virtual</code>. The best version is <code>virtual</code> as a <em>path</em> — it automatically resolves the value from a relationship, with nothing written to the database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">authorName</span><span class="dl">'</span><span class="p">,</span> <span class="kd">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">text</span><span class="dl">'</span><span class="p">,</span> <span class="nx">virtual</span><span class="p">:</span> <span class="dl">'</span><span class="s1">author.name</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// walks through the `author` relationship down to `name`</span> <span class="p">}</span> </code></pre> </div> <p>And when the path crosses a <code>hasMany</code> relationship, you get an array back:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">{</span> <span class="nl">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">categoryTitles</span><span class="dl">'</span><span class="p">,</span> <span class="kd">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">text</span><span class="dl">'</span><span class="p">,</span> <span class="nx">hasMany</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="nx">virtual</span><span class="p">:</span> <span class="dl">'</span><span class="s1">categories.title</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// =&gt; ['Tech', 'News', 'Updates']</span> <span class="p">}</span> </code></pre> </div> <p>The field shows up in your API responses and in your generated types — but it never takes up a column. Perfect for flattening relationship data without denormalizing your schema.</p> payload zavcode tellmeicant cms Kacper Zawojski Wed, 10 Jun 2026 12:59:59 +0000 https://dev.to/zawoj/what-would-you-ask-the-framer-team-if-you-had-the-chance-33nk https://dev.to/zawoj/what-would-you-ask-the-framer-team-if-you-had-the-chance-33nk <p>What would you ask the Framer team if you had the chance? 👇<br> Drop your questions in the comments - I'll take them with me and ask on your behalf.</p> <p>Here's why: on June 16, Framer is dropping its biggest release in years - a fundamentally new way to work in the tool. I'll be watching the launch live at a small, invite-only Watch Party here in Warsaw, then jumping into a hackathon to build with it that same night.</p> <p>The catch? It's a tiny room (~20 builders), so most of the community can't be there in person - but your questions can. Whatever you're curious about - the new features, the workflow shift, what it means for how we build - send it my way, and I'll bring the answers back here for everyone.</p> <p>Big things ahead for Framer. Let's explore them together. 💛</p> <p>PS: And no, I don't only do Payload. Sometimes. 😏</p> nocode ai Kacper Zawojski Wed, 10 Jun 2026 09:00:25 +0000 https://dev.to/zawoj/payload-v4-forceselect-is-now-a-select-function-and-its-a-subtle-trap-42h8 https://dev.to/zawoj/payload-v4-forceselect-is-now-a-select-function-and-its-a-subtle-trap-42h8 <p>In Payload v3, <code>forceSelect</code> was a static object that deep-merged with the caller's <code>select</code>. In v4 it became a function — and that function <em>replaces</em> the caller's select instead of adding to it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">Posts</span><span class="p">:</span> <span class="nx">CollectionConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">slug</span><span class="p">:</span> <span class="dl">'</span><span class="s1">posts</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Careful: you must spread the caller's select yourself, or you'll overwrite it!</span> <span class="na">select</span><span class="p">:</span> <span class="p">({</span> <span class="nx">operation</span><span class="p">,</span> <span class="nx">req</span><span class="p">,</span> <span class="nx">select</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="nx">select</span> <span class="p">?</span> <span class="p">{</span> <span class="p">...</span><span class="nx">select</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">,</span> <span class="na">fields</span><span class="p">:</span> <span class="p">[</span><span class="cm">/* ... */</span><span class="p">],</span> <span class="p">}</span> </code></pre> </div> <p>Returning <code>undefined</code> means "leave the caller's select untouched." You also get <code>operation</code> and <code>req</code>, so you can hand back a different select for the REST API than for the admin panel.</p> <p>One important detail: there's no document data here — <code>select</code> runs <em>before</em> read.</p> payload zavcode tellmeicant cms Kacper Zawojski Mon, 08 Jun 2026 09:00:34 +0000 https://dev.to/zawoj/payload-access-control-isnt-a-boolean-its-a-query-constraint-2j62 https://dev.to/zawoj/payload-access-control-isnt-a-boolean-its-a-query-constraint-2j62 <p>This is, in my opinion, Payload's most underrated feature.</p> <p>An <code>access</code> function can return <code>true</code>/<code>false</code> — or it can return a <code>Where</code> object that Payload stitches into every query at the database level. That's row-level security, for free:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">canReadPage</span><span class="p">:</span> <span class="nx">Access</span><span class="o">&lt;</span><span class="nx">Page</span><span class="o">&gt;</span> <span class="o">=</span> <span class="p">({</span> <span class="na">req</span><span class="p">:</span> <span class="p">{</span> <span class="nx">user</span> <span class="p">}</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="k">return</span> <span class="kc">true</span> <span class="c1">// A guest only sees public documents — the filter goes to the DB, not to JS</span> <span class="k">return</span> <span class="p">{</span> <span class="na">isPublic</span><span class="p">:</span> <span class="p">{</span> <span class="na">equals</span><span class="p">:</span> <span class="kc">true</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>You don't fetch everything and then filter in memory — this <code>Where</code> becomes part of the <code>WHERE</code> clause in SQL (or <code>$match</code> in Mongo). And it works identically for <code>read</code>, <code>update</code>, and <code>delete</code>.</p> <p>Once it clicks that access control is a <em>constraint</em>, not a <em>gate</em>, a whole class of "filter the user's own records" problems just disappears.</p> payload zavcode tellmeicant cms