Unauthorized

bensler
2 months ago
21

Hello everyone,

I have three users:

- 1 that is only admin.
- 1 that is admin and user.
- 1 that is only user.

The first two have no problems logging in or anything else.

However the one that is only "user" gets this error when logging in:

Unauthorized, you must be logged in to make this request.
You are not allowed to access this page.

The URL is the dashboard -> my-url/admin

I haven't changed anything access wise, only added the users.

Does anyone know how to fix it?

  • notchr
    2 months ago

    @bensler So you have a single collection type for users / admins?



    May we check out the collection?

  • bensler
    2 months ago

    I used the default website template on the payload cloud site. It gave me two roles, user and admin

  • notchr
    2 months ago

    Sure thing, may we see the collection?

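  • bensler
    2 months ago

    import type { CollectionConfig } from 'payload/types'
    // ensureFirstUserIsAdmin, admins, adminsAndUser, anyone and checkRole come from
    // the template's own hook and access files (their imports are not shown in this post).

    export const UserFields: CollectionConfig['fields'] = [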
      {
        name: 'name',
        type: 'text',
      },
      {
        name: 'roles',
        type: 'select',
        hasMany: true,
        saveToJWT: true,
        hooks: {
          beforeChange: [ensureFirstUserIsAdmin],
        },
        defaultValue: ['user'],
        options: [
          {
            label: 'admin',
            value: 'admin',
          },
          {
            label: 'user',
            value: 'user',
          },
        ],
        access: {
          read: admins,
          create: admins,
          update: admins,
        },
      },
    ]
    
    const Users: CollectionConfig = {
      slug: 'users',
      admin: {
        useAsTitle: 'name',
        defaultColumns: ['name', 'email'],
      },
      access: {
        read: adminsAndUser,
        create: anyone,
        update: adminsAndUser,
        delete: admins,
        // Gate for the admin panel itself: only users whose roles include 'admin' pass.
        admin: ({ req: { user } }) => checkRole(['admin'], user),
      },
      auth: true,
      fields: UserFields,
      timestamps: true,
    }
    
    export default Users


    Is this what you want? 🙂

  • notchr
    2 months ago

    hmmm

    @bensler temporarily replace the read value, adminsAndUser with () => true

    read: () => true,

    and then try logging in

    we can determine the source of the issue

  • bensler
    2 months ago

    Same error

  • jarrod_not_jared
    Payload Team
    2 months ago

    try removing

    admin: ({ req: { user } }) => checkRole(['admin'], user),
  • bensler
    2 months ago

    That did the trick, thank you 🙂

  • generator101
    2 months ago

    @jarrod_not_jared what does that code do? I am facing a similar issue, wouldn't removing that code create some security thing since that checks the role?

  • jarrod_not_jared
    Payload Team
    2 months ago

    @bensler wanted all users to be able to log in to the admin panel, but was restricting it based on the admin role. A user that did not have that role would never be able to access the admin panel.

    So he would need to extend it to check admin and user roles, or create some other more generic field/setting on a user that allows them to log in. Similar convo here:

    https://discord.com/channels/967097582721572934/1126801396331708466
  • generator101
    2 months ago
  • notchr
    2 months ago

    @generator101 Interesting, does anyone know the default value of that function?



    must return false or undefined

  • jarrod_not_jared
    Payload Team
    2 months ago

    @generator101 Looks like there are a couple small bugs with this example proj, looking into em now

  • generator101
    2 months ago

    thanks @jarrod_not_jared for now I just commented that hook and it seems to be working but good to get an idea of what is causing the issue

  • jarrod_not_jared
    Payload Team
    2 months ago

    So I fixed the duplicate user role being added. The other issue you are having, with not being able to create a user with the admin role, makes sense. You really do not want all users to be able to add the admin role by adding it to the form data. This line (https://github.com/payloadcms/payload/blob/master/examples/auth/cms/src/collections/hooks/protectRoles.ts#L7) is responsible for allowing only a specific email address, demo@payloadcms.com, to be considered admin. You could adjust this logic to fit your needs though.

  • generator101
    2 months ago

    @jarrod_not_jared thanks, that didn't seem to fix the issue, I am an admin and still cannot log in
  • jarrod_not_jared
    Payload Team
    2 months ago

    Did you adjust that line like mentioned?

  • generator101
    2 months ago

    yeah, I update the hook but I left

    const isAdmin = req.user?.roles.includes('admin')

    which I think should be sufficient no?



    I already have admin user



    but somehow this hook changes that role to user

  • jarrod_not_jared
    Payload Team
    2 months ago

    Oh I see, can you add saveToJWT: true, to the roles field on the users collection

  • generator101
    2 months ago

    @jarrod_not_jared unfortunately if I enable

    admin: ({ req: { user } }) => checkRole(['admin'], user),

    I still have unauthorized message error

  • jarrod_not_jared
    Payload Team
    2 months ago

    AH



    my fix for the protectRoles function was wrong. updated, see here:

    https://github.com/payloadcms/payload/commit/4b60845c670a211b9052f48c7dd7793350f0e8c8
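
The admin-panel gate discussed in this thread, as an added example that is not part of the original thread or Payload's own code. The `checkRole` here is a stand-in assumed to return true when the user holds any listed role; the types, the `evaluate` helper and the sample accounts are constructed. It shows that widening the panel gate to include `user` does not loosen who may change the `roles` field.

```typescript
// Added example: minimal stand-ins for Payload's access types (assumed shapes).
type Role = 'admin' | 'user'
interface User { email: string; roles?: Role[] }
type Access = (args: { req: { user?: User | null } }) => boolean

// Stand-in for the template's checkRole helper (assumption): true when the
// user holds at least one of the allowed roles, false when logged out.
const checkRole = (allowed: Role[], user?: User | null): boolean =>
  Boolean(user?.roles?.some((role) => allowed.indexOf(role) !== -1))

// The gate from the thread: only 'admin' may load the admin panel.
const adminOnlyPanel: Access = ({ req: { user } }) => checkRole(['admin'], user)

// Widened gate: accounts holding 'admin' or 'user' may load the panel.
const adminOrUserPanel: Access = ({ req: { user } }) =>
  checkRole(['admin', 'user'], user)

// Field-level access on `roles` stays admin-only, so opening the panel does
// not let a plain user grant themselves the admin role.
const canUpdateRoles: Access = ({ req: { user } }) => checkRole(['admin'], user)

// Constructed sample accounts matching the three users in the question,
// plus an unauthenticated request.
const accounts: { [name: string]: User | null } = {
  adminOnly: { email: 'a@example.com', roles: ['admin'] },
  adminAndUser: { email: 'b@example.com', roles: ['admin', 'user'] },
  userOnly: { email: 'c@example.com', roles: ['user'] },
  loggedOut: null,
}

// Evaluate one access function against every sample account.
function evaluate(gate: Access): { [name: string]: boolean } {
  const result: { [name: string]: boolean } = {}
  Object.keys(accounts).forEach((name) => {
    result[name] = gate({ req: { user: accounts[name] } })
  })
  return result
}

console.log('admin-only panel gate:', evaluate(adminOnlyPanel))
console.log('admin-or-user panel gate:', evaluate(adminOrUserPanel))
console.log('roles field update:', evaluate(canUpdateRoles))
```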