Replies: 2 comments 1 reply
-
|
Hi @bfoese! Payload's middleware is run on all requests, including the auth middleware that assigns the user to I suspect that you're not sending credentials in your request made to your custom endpoint. If you're using the Does this help? |
Beta Was this translation helpful? Give feedback.
-
|
Thank you so much for this information. I was wondering why the user object was empty in our case when using the |
Beta Was this translation helpful? Give feedback.
-
|
Hey @bfoese — did you ever solve this? I believe Dan is correct in that you may not be supplying I will convert this to a discussion so that we can continue the conversation there! |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Documentation Issue
We have the following setup: We have one auth enabled collection "User". All other collections are not auth enabled, but we restrict access to the auto-generated CRUD endpoints via the
access: { read: .., create: ...}configuration where we provide functions which check if the user is authenticated for the "User" collection.Is it possible to somehow limit the access for custom endpoints in collections which are not auth enabled?
The documentation lacks information about this: https://payloadcms.com/docs/rest-api/overview#custom-endpoints.
The request object that was provided to the custom endpoint handler contained no authenticated user object. I assume the user was missing, because Passport would not kick in here to set the user on the request, when the endpoint is configured to not require authentication.
Additional Details
In case it is currently not possible to restrict access to custom endpoints the same way we can do this for the standard CRUD endpoints, this would be feature request.
Beta Was this translation helpful? Give feedback.
All reactions