
access control - user missing in req

taongab 2 years ago

help-> I have set up access control in my app according to the documentation. Everything seems to work fine on my machine. However, when I deploy, anywhere I implement access control produces an error (you are not allowed to ...). I.e.



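for example:

----------------

import { CollectionConfig } from 'payload/types';

// isAdmin is the poster's own access function, defined elsewhere (not shown in the post).

const Instruments: CollectionConfig = {
  slug: 'instruments',
  admin: {
    useAsTitle: 'name',
    defaultColumns: ['name'],
  },
  access: {
    // read and create are open to everyone, including anonymous requests
    read: () => true,
    create: () => true,
    // update requires any authenticated user on the request
    update: ({ req: { user } }) => {
      return Boolean(user)
    },
    delete: isAdmin,
  },
  fields: [
    {
      name: 'name',
      type: 'text',
      required: true,
    },
  ],
  timestamps: false,
}

export default Instruments;

------------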

read works, create works, but update and delete do not

  • jarrod_not_jared
    2 years ago

    What does your update request/fetch look like?

  • taongab
    2 years ago

    response -> from ssh: Forbidden: You are not allowed to perform this action.
    at new ExtendableError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:26:11)
    at new APIError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:43:5)
    at new Forbidden (/home/jelastic/ROOT/node_modules/payload/src/errors/Forbidden.ts:7:5)
    at executeAccess (/home/jelastic/ROOT/node_modules/payload/src/auth/executeAccess.ts:9:43)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at update (/home/jelastic/ROOT/node_modules/payload/src/collections/operations/update.ts:97:43)
    at updateHandler (/home/jelastic/ROOT/node_modules/payload/src/collections/requestHandlers/update.ts:24:17)



    this is from trying in payload admin



    Update: solution found

    I added these to my config:

    ---

    rateLimit: {
      trustProxy: true
    },
    csrf: [
      '<url_to_the_site>'
    ]



    I am running my app in a Virtuozzo environment with a lot of control on deployment, load balancing etc... No clue which one of the 2 worked, though.
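
The `csrf` setting in the fix above is documented by Payload as an allow-list of URLs from which its cookies are accepted. The following is an added example, not code from the thread or from Payload: a simplified model of such an origin check, showing how a valid session cookie can still leave `req.user` empty so that `update` is refused while `read` and `create` keep working. The cookie name, origins, token and user are constructed values, and the behaviour on an empty list or a missing `Origin` header is an assumption of this model.

```javascript
// Added example: a simplified model, not Payload's implementation.
// Cookie name, origins, token and user below are constructed values.
const COOKIE_NAME = 'payload-token';

// Parse a Cookie header into a name -> value object.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const idx = part.indexOf('=');
    if (idx > 0) out[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return out;
}

// Return the logged-in user, or undefined when the cookie must be ignored.
// `sessions` (token -> user) stands in for real token verification.
function resolveUser(headers, csrfAllowList, sessions) {
  const token = parseCookies(headers.cookie)[COOKIE_NAME];
  if (!token) return undefined;
  const origin = headers.origin;
  // A cookie that arrives with an Origin outside the allow-list is dropped,
  // because the browser may have attached it to a cross-site request.
  // In this model an empty list or a missing Origin header skips the check.
  const listed = csrfAllowList.length === 0 || csrfAllowList.includes(origin);
  if (origin && !listed) return undefined;
  return sessions.get(token);
}

// Access rules as in the collection from the question.
const access = {
  read: () => true,
  create: () => true,
  update: ({ req: { user } }) => Boolean(user),
};

// Run the update rule the way the API would: resolve the user, then ask.
function checkUpdate(headers, csrfAllowList, sessions) {
  const user = resolveUser(headers, csrfAllowList, sessions);
  return access.update({ req: { user } });
}

const sessions = new Map([['tok123', { id: 1, email: 'editor@example.com' }]]);
const deployed = { cookie: 'payload-token=tok123', origin: 'https://cms.example.com' };

// Allow-list only has the local address: cookie ignored, user missing.
console.log(checkUpdate(deployed, ['http://localhost:3000'], sessions));
// Public origin listed: the same cookie now yields a user.
console.log(checkUpdate(deployed, ['http://localhost:3000', 'https://cms.example.com'], sessions));
```

When a deployment sits behind a load balancer, the value to list is the origin the browser actually sends, which is the public URL rather than the internal address of the app server.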
