"You are not allowed to perform this action."

tansan.ethlast year

15

• 

  markatomniuxlast year

  How are you trying to access the Payload API, with an API key?

• 

  tansan.ethlast year

  That's correct

• 

  markatomniuxlast year

  Access Control runs when ever a resource from a collection is requested. By default, Access Control disables public access to all operations in a collection unless specified otherwise. That means you must either be performing an operation while logged into the Payload Admin UI, or attach an Authorization header to your fetch requests in order to perform CRUD operations on a collection. This is done in order to protect your data from malicious intent.

  
  
  

  If you wish to allow unrestricted CRUD on your collection, you can set each access control params to () => true;

  
  
  

  read: () => true // allows public GET
  update: () => true // allows public PATCH
  create: () => true // allows public POST
  delete: () => true // allows public DELETE

• 

  tansan.ethlast year

  Just using a simple curl to see how it works

  
  
  

  That's what I have at the moment

• 

  markatomniuxlast year

  If you leave the access control to the default mode, i.e. not including an

  access: { }

  field in your collection, you must pass an authorization header to all requests attempting to access that collection via the API, or including a httpOnly cookie with

  credentials: 'include'

  as part of your fetch request

• 

  tansan.ethlast year

  I believe I have both done

• 

  markatomniuxlast year

  go dump your request and I'll take a peak

• 

  tansan.ethlast year

  Okay I just started my server and it asked to push a schema. It seems like its working now after that. I don't think I understand the migrations well. Does it run on server start?

  
  
  

  It's possible the resource was just previously missing

• 

  markatomniuxlast year

  migrations run on server startup, but that's a Database operation, that won't have any impact on your access control unless there was an issue preventing your server from starting?

  
  
  

  that's the only thing i can think of

• 

  tansan.ethlast year

  Truthfully unsure. It started working after I restarted my server, and thank you for the help

  
  
  

  I didn't add any new code/change the curl either. I just re-used what was in my terminal history

• 

  markatomniuxlast year

  Payload v2 or v3 beta?

  
  
  

  if it's v2 then it sometimes requires a full refresh when you make an update to your collection

• 

  tansan.ethlast year

  v2

  
  
  

  What does a full refresh mean in this case? refreshing the browser or something else?

• 

  markatomniuxlast year

  no, refreshing the server. In V2 its a React App running on an express server, so sometimes you need to restart the express server rather than just relying on nodemon to do it

  
  
  

  Generally speaking, any config changes made to your collections, globals, fields, or Payload Config require some kind of server restart. if you are making visual changes like labels or custom React changes, they tend to refresh fine with nodemon

• 

  tansan.ethlast year

  ah got it. this makes a lot of sense

  
  
  

  would v3 solve these issues?

  
  
  

  i would def be open to using v3 in the future

• 

  markatomniuxlast year

  Yeah v3 move Payload over to NextJS so the devX is a lot better, it’s still in beta though 😄