Help Needed with Access Control in M2M Relationship

Help
, ,
1

Hi,

I am seeking help to resolve an access control issue in a Directus collection involving a many-to-many relationship.

I have a mobile_studies (MS) collection with two fields:

  • Tasks – a many-to-many (M2M) relationship with MS.

  • Participants – a one-to-many (O2M) relationship with MS, pointing to directus_users.

I want to display all tasks associated with an MS where the CURRENT_USER is a participant, specifically when I open the Tasks collection in the Directus UI.

I have tried several approaches, including using the junction collection, but the junction only allows me to set task fields in MS and does not let me filter tasks directly in the Tasks collection.

I also attempted the following filter(and some others as well):
{

“mobile_studies_tasks_1”: {

"\_some": {

  "mobile_studies_id": {

    "participants": {

      "\_some": {

        "id": {

          "\_eq": "$CURRENT_USER"

        }

      }

    }

  }

}

}

}

However, none of them worked; all tasks still appear in the Tasks collection.

Could you please advise on how to properly configure access control so that only tasks from studies where the current user is a participant are shown in the Tasks collection?

Thank you for your help.

2

I think the problem here is that you need to go one level deeper. The ID that your files are in on right now is the ID of the participant’s role, not the ID of the user you’re trying to compare it against. I do not know the name of the many-to-one that points back to a director’s user, but assuming it’s an auto-generated thing like directus_users_id, you would want to use something like the following:

{
	"mobile_studies_tasks_1": {
		"_some": {
			"mobile_studies_id": {
				"participants": {
					"_some": {
						"directus_users_id": {
							"id": {
								"_eq": "$CURRENT_USER"
							}
						}
					}
				}
			}
		}
	}
}