Disable a user (including access to API)

dr_mint 11 months ago

Hi! I've seen this subject already asked 2 weeks ago (https://discord.com/channels/967097582721572934/1126801396331708466) but the original question only mentioned disabling access to the admin UI. I was able to create a checkbox and disable the user access to the admin UI by adding the following config on my Users collection:


access: {
  admin: ({ req: { user } }) => {
    return Boolean(user) && !user.disabled;
  },
}

However I would also like to disable this user access to the REST API, because right now, this user can still log in through the /api/users/login endpoint.


I believe I've looked through all the access control and authentication documentation pages, but to no avail. Right now, my solution has been to create all collections through a little helper function so that I can change default values. Most notably I can change the default access control of all my collections to forbid access to disabled users. Still, blocking user access at the login step would be a more elegant solution.

  • imcorfitz 11 months ago

    In that case, you could use a beforeLogin hook, and throw an error if they are disabled. This of course only covers the login routes. You should make sure to then also require a user object to be available for each access control on all other collections.

  • dr_mint 11 months ago

    Oh this is great, I completely missed the specific hooks for auth-enabled collections. It even shows the error message in the response! As you said, as long as the rest of my access controls are not set to public, it should prevent disabled users from accessing the collections as they won't be able to log in. Anyway, that solves my problem, thanks!

  • imcorfitz 11 months ago

    Cheers!
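
The approach from this thread as an added sketch, not code posted by either participant or taken from Payload: a beforeLogin hook rejects disabled users at login, and the same disabled check is reused in the access functions of other collections so that a session issued before the account was disabled is refused too. The `activeUser` helper, the `Posts` collection and the `simulateLogin`/`canRead` stand-ins are hypothetical, and the access check assumes `req.user` carries the current `disabled` value.

```javascript
// Plain objects shaped like Payload collection configs; Payload itself is not imported.
// `disabled` is the checkbox field described in the thread.

// Hypothetical shared access rule: a user must be present AND not disabled.
const activeUser = ({ req: { user } }) => Boolean(user) && !user.disabled;

const Users = {
  slug: 'users',
  auth: true,
  fields: [{ name: 'disabled', type: 'checkbox', defaultValue: false }],
  access: { admin: activeUser, read: activeUser, update: activeUser },
  hooks: {
    // Auth-collection hook: throwing here rejects the login attempt.
    beforeLogin: [
      ({ user }) => {
        if (user.disabled) throw new Error('This account is disabled.');
        return user;
      },
    ],
  },
};

// Every other collection requires an active user instead of public access.
const Posts = {
  slug: 'posts',
  fields: [{ name: 'title', type: 'text' }],
  access: { read: activeUser, create: activeUser, update: activeUser, delete: activeUser },
};

// Stand-in for the login operation: run each beforeLogin hook, then issue a token.
function simulateLogin(collection, user) {
  for (const hook of collection.hooks.beforeLogin) {
    user = hook({ req: {}, user }) || user;
  }
  return { user, token: 'constructed-token' }; // constructed value, not a real JWT
}

// Stand-in for a read request carrying whatever user the session resolves to.
function canRead(collection, user) {
  return collection.access.read({ req: { user } });
}
```

The `canRead` checks matter for a user who logged in before the checkbox was ticked: the login hook never runs again for that session, so only the per-collection access rule stops the request.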
