help-> I have setup access control in my app according to the documentation. Everything seem to work fine on my machine. However, when I deploy, anywhere I implementation access control produces an error ( you are not allowed to ...) . I.e.

for example:

----------------

const Instruments: CollectionConfig = {

slug: 'instruments',

admin: {

useAsTitle: 'name',

defaultColumns:['name']

access: {

read: () => true,

create:()=>true,

update: ({ req: { user } }) =>{

return Boolean(user)

delete:isAdmin

fields: [

{

name: 'name',

type: 'text',

required:true

timestamps: false,

}

export default Instruments;

------------

read works, create works, but neither do update and delete

jarrod_not_jared
2 years ago
What does your update request/fetch look like?
taongab2 years ago
response -> from ssh: Forbidden: You are not allowed to perform this action.

at new ExtendableError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:26:11)

at new APIError (/home/jelastic/ROOT/node_modules/payload/src/errors/APIError.ts:43:5)

at new Forbidden (/home/jelastic/ROOT/node_modules/payload/src/errors/Forbidden.ts:7:5)

at executeAccess (/home/jelastic/ROOT/node_modules/payload/src/auth/executeAccess.ts:9:43)

at processTicksAndRejections (node:internal/process/task_queues:96:5)

at update (/home/jelastic/ROOT/node_modules/payload/src/collections/operations/update.ts:97:43)

at updateHandler (/home/jelastic/ROOT/node_modules/payload/src/collections/requestHandlers/update.ts:24:17)

this is from trying in payload admin

Update: solution found

I added these to my config:

---

rateLimit:{

trustProxy:true

},

csrf:[

'<url_to_the_site>'

]

I am running my app in a virtuozzo environnement with a lot of control on deployment, loadbalancing etc... No clue which on of the 2 worked, though.

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get dedicated engineering support directly from the Payload team.