Access control - user = undefined

markus9797
8 months ago

Hi!
I have been following some sample projects & am trying to set some user access rules.
For a collection "Posts" the access control is set as follows:
```ts
const isLoggedIn: Access<any, User> = ({ req: { user } }): boolean => {
  // Return true if user is logged in, false if not
  console.log(user);
  return Boolean(user);
}
```

with the access defined as:
```ts
const Posts: CollectionConfig = {
  // the slug is used for naming the collection in the database and the APIs that are open. For example: api/posts/${id}
  slug: 'posts',
  admin: {
    // this is the name of a field which will be visible for the edit screen and is also used for relationship fields
    useAsTitle: 'title',
    // defaultColumns is used on the listing screen in the admin UI for the collection
    defaultColumns: [ 'title', 'category', 'publishDate', 'tags', 'status' ],
    group: 'Content'
  },
  access: {
    create: isLoggedIn,
    update: isLoggedIn,
    delete: isLoggedIn,
    read: isLoggedIn
  },
  // (the posted snippet ends here; the rest of the collection config is not shown)
}
```

The read works fine (GET request); however, all other requests (delete/post/update) fail, since the user somehow ends up undefined for the request object. I checked the session cookie; it gets sent along correctly, so I wonder where the failure might be coming from.

  • markus9797
    8 months ago

    It turned out the problem was caused by CORS issues.
    The dev server ran on the local network, and I configured dnsmasq (which is installed on a Raspberry Pi acting as local DNS server) to map the IP to a domain name.
    The PAYLOAD_PUBLIC_SERVER_URL in the .env was adapted to match that name, which resolved CORS issues for GET requests.
    However, for other types (e.g. POST) the issue persisted silently (no errors indicating a CORS issue were logged).
    As a fix for now I added the domain to the csrf array of the payload.config.ts file.
    (In case anybody else runs into a similar situation in the future.)
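
The failure mode in the reply above, as an added example that is not part of the original thread and is not Payload's own code: a simplified model in which the session cookie only authenticates a request when the request has no Origin header or its Origin is an exact entry in the csrf allowlist. The hostname `cms.home.lan`, the port and all function names are hypothetical, and the exact-match comparison is an assumption of the model.

```typescript
// Added illustration: a simplified model of the check, not Payload's source code.
type Req = { method: string; origin?: string; hasSessionCookie: boolean };

// Assumption: allowlist entries are compared to the Origin header as exact
// strings (scheme + host + port, no trailing slash).
function cookieIsAccepted(req: Req, csrfAllowlist: string[]): boolean {
  if (!req.hasSessionCookie) return false;
  // Browsers omit Origin on same-origin GET requests, so reads still pass.
  if (req.origin === undefined) return true;
  return csrfAllowlist.indexOf(req.origin) > -1;
}

// Strip scheme, port and path so near-miss entries can be spotted.
function hostOf(origin: string): string {
  return origin.replace(/^[a-z]+:\/\//i, '').replace(/[:\/].*$/, '');
}

// Explain why req.user would end up undefined for a request.
function diagnose(req: Req, csrfAllowlist: string[]): string {
  if (!req.hasSessionCookie) return 'no session cookie sent';
  if (cookieIsAccepted(req, csrfAllowlist)) return 'cookie accepted';
  const origin = req.origin as string;
  const near = csrfAllowlist.filter((entry) => hostOf(entry) === hostOf(origin));
  return near.length > 0
    ? `cookie ignored: entry ${near[0]} is not an exact match for Origin ${origin}`
    : `cookie ignored: Origin ${origin} is not on the csrf allowlist`;
}

// Constructed sample data: hypothetical LAN hostname and port.
const lanOrigin = 'http://cms.home.lan:3000';
const readReq: Req = { method: 'GET', hasSessionCookie: true };
const writeReq: Req = { method: 'POST', origin: lanOrigin, hasSessionCookie: true };

function runSamples(): string[] {
  const allowlists: string[][] = [
    ['http://localhost:3000'],            // domain missing
    ['http://cms.home.lan'],              // port missing: near miss
    ['http://localhost:3000', lanOrigin], // exact origin added
  ];
  const lines: string[] = [];
  for (const list of allowlists) {
    for (const req of [readReq, writeReq]) {
      lines.push(`${req.method} with [${list.join(', ')}]: ${diagnose(req, list)}`);
    }
  }
  return lines;
}

console.log(runSamples().join('\n'));
```

In this model the GET is accepted under every allowlist while the POST is only accepted once the exact origin is listed, which matches the silent "user is undefined" symptom reported for writes.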

  • markus9797
    8 months ago

    Forgot to add markdown to the code sections ->

    Hi!
    I have been following some sample projects & am trying to set some user access rules.

    For a collection "Posts" the access control is set as follows:
    ```ts
    const isLoggedIn: Access<any, User> = ({ req: { user } }): boolean => {
      // Return true if user is logged in, false if not
      console.log(user);
      return Boolean(user);
    }
    ```

    with the access defined as:
    ```ts
    const Posts: CollectionConfig = {
      // the slug is used for naming the collection in the database and the APIs that are open. For example: api/posts/${id}
      slug: 'posts',
      admin: {
        // this is the name of a field which will be visible for the edit screen and is also used for relationship fields
        useAsTitle: 'title',
        // defaultColumns is used on the listing screen in the admin UI for the collection
        defaultColumns: [ 'title', 'category', 'publishDate', 'tags', 'status' ],
        group: 'Content'
      },
      access: {
        create: isLoggedIn,
        update: isLoggedIn,
        delete: isLoggedIn,
        read: isLoggedIn
      },
      // (the posted snippet ends here; the rest of the collection config is not shown)
    }
    ```

    The read works fine (GET request); however, all other requests (delete/post/update) fail, since the user somehow ends up undefined for the request object. I checked the session cookie; it gets sent along correctly, so I wonder where the failure might be coming from.
