access control - user missing in req

taongaB
6 months ago
8

help-> I have set up access control in my app according to the documentation. Everything seems to work fine on my machine. However, when I deploy, anywhere I implement access control produces an error (You are not allowed to ...). I.e.



for example:

----------------
const Instruments: CollectionConfig = {
  slug: 'instruments',
  admin: {
    useAsTitle: 'name',
    defaultColumns: ['name']
  },
  access: {
    read: () => true,
    create: () => true,
    update: ({ req: { user } }) => {
      return Boolean(user)
    },
    delete: isAdmin
  },
  fields: [
    {
      name: 'name',
      type: 'text',
      required: true
    },
  ],
  timestamps: false,
}

export default Instruments;
------------



Read works and create works, but update and delete do not.

  • Jarrod
    6 months ago

    What does your update request/fetch look like?

  • taongaB
    6 months ago

    response -> from ssh: Forbidden: You are not allowed to perform this action.
    at new ExtendableError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:26:11)
    at new APIError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:43:5)
    at new Forbidden (/home/jelastic/ROOT/node_modules/payload/src/errors/Forbidden.ts:7:5)
    at executeAccess (/home/jelastic/ROOT/node_modules/payload/src/auth/executeAccess.ts:9:43)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at update (/home/jelastic/ROOT/node_modules/payload/src/collections/operations/update.ts:97:43)
    at updateHandler (/home/jelastic/ROOT/node_modules/payload/src/collections/requestHandlers/update.ts:24:17)



    This is from trying in the Payload admin.

    Update: solution found

    I added these to my config:

    ---
    rateLimit: {
      trustProxy: true
    },
    csrf: [
      '<url_to_the_site>'
    ]

    I am running my app in a Virtuozzo environment with a lot of control over deployment, load balancing, etc. No clue which one of the 2 worked, though.
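
Added example, not part of the original thread and not Payload's own code: a simplified model of how an origin allowlist such as the `csrf` setting above can leave `req.user` empty once the app sits behind a load balancer. It assumes a cookie token is honoured only when the request has no Origin header, the allowlist is empty, or the Origin exactly matches an entry; all function names and URLs are constructed for illustration.

```javascript
// Added example: a simplified model, not Payload's source code.
// Assumption: a cookie token is honoured only when the request has no Origin
// header, the allowlist is empty, or the Origin is an exact string match.
function userFromCookie({ origin, cookieToken }, csrfAllowlist) {
  if (!cookieToken) return null;
  const trusted = !origin || csrfAllowlist.length === 0 || csrfAllowlist.includes(origin);
  return trusted ? { token: cookieToken } : null; // null => req.user is undefined
}

// Same rule as the `update` access function in the post.
const canUpdate = (user) => Boolean(user);

// Hypothetical helper: explain why an Origin fails an exact-match allowlist.
function explainMismatch(origin, csrfAllowlist) {
  if (csrfAllowlist.includes(origin)) return ['match'];
  const o = new URL(origin);
  const reasons = new Set();
  for (const entry of csrfAllowlist) {
    let e;
    try { e = new URL(entry); } catch { reasons.add(`not a URL: ${entry}`); continue; }
    if (e.origin === o.origin) reasons.add(`same origin but not identical text: ${entry}`);
    else if (e.hostname !== o.hostname) reasons.add(`host differs: ${e.hostname}`);
    else if (e.protocol !== o.protocol) reasons.add(`scheme differs: ${e.protocol}`);
    else reasons.add(`port differs: ${e.port || 'default'}`);
  }
  return [...reasons];
}

// Constructed sample: the browser sends the public HTTPS origin via a load balancer.
const request = { origin: 'https://cms.example.com', cookieToken: 'constructed-jwt' };
const scenarios = {
  emptyList: [],                               // under this model, any origin is accepted
  internalUrl: ['http://10.0.0.5:3000'],       // allowlist holds the backend address
  trailingSlash: ['https://cms.example.com/'], // looks right, fails the exact match
  publicOrigin: ['https://cms.example.com'],   // what the browser actually sends
};

function runScenarios() {
  const out = {};
  for (const [name, list] of Object.entries(scenarios)) {
    const user = userFromCookie(request, list);
    const why = list.length ? explainMismatch(request.origin, list) : ['empty allowlist'];
    out[name] = { allowed: canUpdate(user), why };
  }
  return out;
}

console.log(JSON.stringify(runScenarios(), null, 2));
```

In this model `read` and `create` are unaffected because they return `true` without looking at `user`, which matches the symptom reported in the thread.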
