Unathorized

bensler

2 months ago

Hello everyone,

I have three users:

- 1 that is only admin.

- 1 that is admin and user.

- 1 that is only user.

The first two have no problems logging in or anything else.

However the one that is only "user" gets this error when logging in:

Unauthorized, you must be logged in to make this request.

You are not allowed to access this page.

The URL is the dashboard -> my-url/admin

I haven't changed anything access wise, only added the users.

Does anyone know how to fix it?

notchr
2 months ago
@bensler So you have a single collection type for users / admins?

May we check out the collection?
bensler
2 months ago
I used the default website template on the payload cloud site. It gave me two roles, user and admin
notchr
2 months ago
Sure thing, may we see the collection?

bensler

2 months ago

export const UserFields: CollectionConfig['fields'] = [
  {
    name: 'name',
    type: 'text',
  },
  {
    name: 'roles',
    type: 'select',
    hasMany: true,
    saveToJWT: true,
    hooks: {
      beforeChange: [ensureFirstUserIsAdmin],
    },
    defaultValue: ['user'],
    options: [
      {
        label: 'admin',
        value: 'admin',
      },
      {
        label: 'user',
        value: 'user',
      },
    ],
    access: {
      read: admins,
      create: admins,
      update: admins,
    },
  },
]

const Users: CollectionConfig = {
  slug: 'users',
  admin: {
    useAsTitle: 'name',
    defaultColumns: ['name', 'email'],
  },
  access: {
    read: adminsAndUser,
    create: anyone,
    update: adminsAndUser,
    delete: admins,
    admin: ({ req: { user } }) => checkRole(['admin'], user),
  },
  auth: true,
  fields: UserFields,
  timestamps: true,
}

export default Users

Is this what you want? 🙂

notchr
2 months ago
hmmm

@bensler temporarily

replace the read value, adminsAndUser with

() => true

read: () => true,

and then try logging in

we can determine the source of the issue
bensler
2 months ago
Same error
jarrod_not_jared
Payload Team
2 months ago
try removing
admin: ({ req: { user } }) => checkRole(['admin'], user),
bensler
2 months ago
That did the trick, thank you 🙂
generator101
2 months ago
@jarrod_not_jared what does that code do? I am facing similar issue, wouldnt removing that code create some security thing since that checks the role?
jarrod_not_jared
Payload Team
2 months ago
@bensler wanted all users to be able to log in to the admin panel, but was restricting it based on the
admin
role. A user that did not have that role would never be able to access the admin panel.

so he would need to extend it to check admin and user roles, or create some other more generic field/setting on a user that allows them to login. Similar convo here:
https://discord.com/channels/967097582721572934/1126801396331708466
generator101
2 months ago
I was testing this repo yesterday
https://discord.com/channels/967097582721572934/1125626247343517707/1126641928633589852
and faced this issue where I could not login

https://github.com/payloadcms/payload/blob/master/examples/auth/cms/src/collections/Users.ts#L28

and that line of code is also here
notchr
2 months ago
@generator101 Interesting, does anyone know the default value of that function?

must return false or undefined
jarrod_not_jared
Payload Team
2 months ago
@generator101 Looks like there are a couple small bugs with this example proj, looking into em now
generator101
2 months ago
thanks @jarrod_not_jared for now I just commented that hook and it seems to be working but good to get an idea of what is causing the issue
jarrod_not_jared
Payload Team
2 months ago
So I fixed the duplicate
user
role being added. The other issue you are having with not being able to create a user with the admin role, makes sense. You really do not want all users to be able to add the
admin
role by adding it to the form data. This line (
https://github.com/payloadcms/payload/blob/master/examples/auth/cms/src/collections/hooks/protectRoles.ts#L7
) is responsible for allowing only a specific email address
demo@payloadcms.com
to be considered admin. You could adjust this logic to fit your needs though.
generator101
2 months ago
@jarrod_not_jared thanks, that didnt seem to fix the issue, I am an admin and still cannot login
jarrod_not_jared
Payload Team
2 months ago
Did you adjust that line like mentioned?
generator101
2 months ago
yeah, I update the hook but I left
```
const isAdmin = req.user?.roles.includes('admin')
```
which I think should be sufficient no?

I already have admin user

but somehow this hook changes that role to user
jarrod_not_jared
Payload Team
2 months ago
Oh I see, can you add
saveToJWT: true,
to the roles field on the users collection
generator101
2 months ago
@jarrod_not_jared unfortunately if I enable
```
admin: ({ req: { user } }) => checkRole(['admin'], user),
```
I still have unauthorized message error
jarrod_not_jared
Payload Team
2 months ago
AH

my fix for the protectRoles function was wrong. updated, see here:
https://github.com/payloadcms/payload/commit/4b60845c670a211b9052f48c7dd7793350f0e8c8

Open the post

Continue the discussion in Discord

Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.