Heya! When you're opening that URL in the browser, without any authentication header or query params, you're not authenticated as any user, which is reflected in the accountability object you've shared 🙂 Note how it says `user: null` / `role: null`, which means you're not authenticated in any way. The shown permissions are the permissions for the public role 👍🏻
To give you an answer that's more applicable to your prompt:

You can simply add a

```js
if (!req.accountability.user) {
	throw new ForbiddenException();
}
```

🙂
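Added example, not part of the original thread and not Directus's own code: the same check written as Express-style middleware, so that every route of a custom endpoint rejects requests that were not resolved to a user. The local `ForbiddenException` stand-in, `requireUser`, `whoAmI`, `dispatch` and the sample requests are assumptions made for illustration.

```javascript
// Stand-in for the ForbiddenException used in the answer above (assumption:
// the real class comes from Directus; this one only carries a 403 status).
class ForbiddenException extends Error {
  constructor(message = "Forbidden") {
    super(message);
    this.status = 403;
  }
}

// Middleware: an unauthenticated request has user: null (public role), and a
// request without any accountability object is treated the same way.
function requireUser(req, res, next) {
  if (!req.accountability || !req.accountability.user) {
    return next(new ForbiddenException());
  }
  return next();
}

// Hypothetical route handler, only reached when requireUser lets the request through.
function whoAmI(req, res) {
  res.json({ user: req.accountability.user, role: req.accountability.role });
}

// Minimal runner that calls middleware, handler and error handling the way a
// router would, so the example runs without Express or Directus installed.
// In an endpoint extension the equivalent is router.use(requireUser) before the routes.
function dispatch(req) {
  const out = { status: 200, body: null };
  const res = { json: (body) => { out.body = body; } };
  requireUser(req, res, (err) => {
    if (err) {
      out.status = err.status || 500;
      out.body = { error: err.message };
      return;
    }
    whoAmI(req, res);
  });
  return out;
}

// Constructed sample requests: one as the public role, one as a logged-in user.
const anonymous = { accountability: { user: null, role: null } };
const loggedIn = { accountability: { user: "constructed-user-id", role: "constructed-role-id" } };

console.log(dispatch(anonymous)); // rejected with status 403
console.log(dispatch(loggedIn));  // handler runs and returns the user and role
```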
Hi!
I've looked at the docs and the Q&A from @keesvanbemmel regarding this topic, but I'm unable to figure out how this should work.
While trying to make a custom endpoint available only for users currently logged in with Directus, I'm unable to receive user data / role data, as the `req.accountability` object contains nothing pointing to the currently logged in user...

Resulting JSON when calling the endpoint at http://localhost:8055/my-endpoint/ in the browser:
Should I maybe do something (call some service) before registering the route? Or is there some configuration option I looked over?
Any help is much appreciated! 🙂