Disable a user (including access to API)

default discord avatar
2 months ago

Hi! I've seen this subject already asked 2 weeks ago (


) but the original question only mentioned disabling access to the admin UI. I was able to create a checkbox and disable the user access to the admin UI by adding the following config on my



access: {
  admin: ({ req: { user } }) => {
    return Boolean(user) && !user.disabled;

However I would also like to disable this user access to the REST API, because right now, this user can still login through the



I believe I've looked through all the access control and authentication documentation pages, but to no avail. Right now, my solution has been to create all collections through a little helper function so that I can change default values. Most notably I can change the default access control of all my collections to forbid access to disabled users. Still, blocking user access at the login step would be a more allegant solution.

  • default discord avatar
    2 months ago

    In that case, you could use a


    hook, and throw an error, if they are disabled. This of course is only minded the login routes. You should make sure to then also require a user object to be available for each access control on all other collections

  • default discord avatar
    2 months ago

    Oh this is great, I completely missed the specific hooks for auth-enabled collections. It even shows the error message in the response! As you said, as long as the rest of my access controls are not set to public, it should prevent disabled users to access the collections as they won't be able to log in. Anyway, that solves my problem, thanks!

  • default discord avatar
    2 months ago


Open the post
Continue the discussion in Discord
Like what we're doing?
Star us on GitHub!


Connect with the Payload Community on Discord



Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.