access control - user missing in req

taongaB
2 weeks ago
8

help-> I have set up access control in my app according to the documentation. Everything seems to work fine on my machine. However, when I deploy, anywhere I implement access control produces an error (you are not allowed to ...). I.e.



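for example:

----------------
import { CollectionConfig } from 'payload/types';
// isAdmin is an access function defined elsewhere in the app (not shown in the post)

const Instruments: CollectionConfig = {
  slug: 'instruments',
  admin: {
    useAsTitle: 'name',
    defaultColumns: ['name']
  },
  access: {
    // Anyone may read or create
    read: () => true,
    create: () => true,
    // Only authenticated requests (req.user populated) may update
    update: ({ req: { user } }) => {
      return Boolean(user)
    },
    delete: isAdmin
  },
  fields: [
    {
      name: 'name',
      type: 'text',
      required: true
    },
  ],
  timestamps: false,
}

export default Instruments;
------------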



read works, create works, but update and delete do not

  • Jarrod
    Payload Team
    2 weeks ago

    What does your update request/fetch look like?

  • taongaB
    2 weeks ago

    response -> from ssh: Forbidden: You are not allowed to perform this action.
        at new ExtendableError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:26:11)
        at new APIError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:43:5)
        at new Forbidden (/home/jelastic/ROOT/node_modules/payload/src/errors/Forbidden.ts:7:5)
        at executeAccess (/home/jelastic/ROOT/node_modules/payload/src/auth/executeAccess.ts:9:43)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
        at update (/home/jelastic/ROOT/node_modules/payload/src/collections/operations/update.ts:97:43)
        at updateHandler (/home/jelastic/ROOT/node_modules/payload/src/collections/requestHandlers/update.ts:24:17)

    this is from trying in payload admin



    Update: solution found

    I added these to my config:

    ---
    rateLimit: {
      trustProxy: true
    },
    csrf: [
      '<url_to_the_site>'
    ]



    I am running my app in a Virtuozzo environment with a lot of control on deployment, load balancing etc... No clue which one of the 2 worked, though.
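
Added example, not part of the thread and not Payload's own code: a simplified model of how a `csrf` origin allow-list can leave `req.user` empty on a deployed site, so the `update` rule from the question returns Forbidden. It assumes a session cookie is honored only when the request's Origin header is absent or on the list; the cookie name, origins and session table are constructed for illustration.

```javascript
// Simplified model (assumption, not Payload source): a cookie token is honored
// only when the request has no Origin header, the csrf allow-list is empty,
// or the Origin is on the list. A rejected cookie leaves req.user undefined.
function extractCookieToken(config, headers, cookies) {
  const origin = headers.origin;
  const token = cookies['payload-token']; // constructed cookie name
  if (!token) return null;
  const allowed =
    !origin || config.csrf.length === 0 || config.csrf.includes(origin);
  return allowed ? token : null;
}

// Constructed session table standing in for real token verification.
const SESSIONS = { 'tok-123': { id: 'u1', email: 'editor@example.test' } };

function buildReq(config, headers, cookies) {
  const token = extractCookieToken(config, headers, cookies);
  return { headers, user: token ? SESSIONS[token] : undefined };
}

// Same rule as the `update` access function in the question.
const updateAccess = ({ req: { user } }) => Boolean(user);

// Returns the HTTP status an update attempt would get for a logged-in browser.
function simulateUpdate(config, origin) {
  const req = buildReq(config, { origin }, { 'payload-token': 'tok-123' });
  return updateAccess({ req }) ? 200 : 403;
}

// Constructed origins: the developer machine and the deployed site.
const LOCAL = 'http://localhost:3000';
const DEPLOYED = 'https://cms.example.test';

// Assumption: before the fix the allow-list held only the development origin.
const beforeFix = { csrf: [LOCAL] };
const afterFix = { csrf: [LOCAL, DEPLOYED] };

function report() {
  return {
    localBefore: simulateUpdate(beforeFix, LOCAL),       // works on my machine
    deployedBefore: simulateUpdate(beforeFix, DEPLOYED), // cookie ignored, no user
    deployedAfter: simulateUpdate(afterFix, DEPLOYED),   // origin allow-listed
  };
}

console.log(report());
```

In this model `read` and `create` keep working throughout because their rules return `true` without looking at `user`, which matches the symptom described in the question.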
