All rules follow the PocketBase filter syntax and operators .

{#if showFiltersInfo}

The following record fields are available:

{#each fieldNames as name} {#if !hiddenFieldNames.includes(name)} {name} {/if} {/each}

The request fields could be accessed with the special @request filter:

@request.headers.* @request.query.* @request.body.* @request.auth.*

You could also add constraints and query other collections using the @collection filter:

@collection.ANY_COLLECTION_NAME.*

Example rule:
@request.auth.id != "" && created > "2022-01-01 00:00:00"

{/if}

{#if collection?.type !== "view"} {/if} {#if collection?.type === "auth"}

{#if showExtraRules}

This rule is executed every time before authentication allowing you to restrict who can authenticate.

For example, to allow only verified users you can set it to verified = true.

Leave it empty to allow anyone with an account to authenticate.

To disable authentication entirely you can change it to "Set superusers only".

This rule is executed in addition to the create and update API rules.

It enables superuser-like permissions to allow fully managing the auth record(s), eg. changing the password without requiring to enter the old one, directly updating the verified state or email, etc.

{/if} {/if}