# Feature Access and Plan Restrictions

### Users without a plan

By default, users who have not signed up for a plan will only have access to authentication and account profile pages. This ensures that users without an active plan cannot access features beyond the basics.

On the client side, users are restricted to just authentication and profile management until they choose a plan.

On the server side, actions such as inviting child users, accessing AI endpoints, or creating API keys should be disabled for users without an active plan. For example:

```javascript
// check account has a plan
const accountData = await account.get({ id: req.account });
utility.assert(accountData.plan, res.__('account.plan_required'));
```

As you build custom endpoints for your own features, include this check in each one. The client-side restriction only hides pages in the UI and does not stop a user without an active plan from calling the API directly.

### Restricting features by plan

When you want to limit feature access or impose usage limits based on the user's billing plan, it's recommended to define plan-specific flags or limits in your configuration within the Stripe plans object.

<pre class="language-javascript"><code class="lang-javascript">"plans": [
 {
  "id": "free",
  "name": "Free",
  "type": "free",
  "price": 0,
<strong>  "max_gb": 2,
</strong>  "store_files": true
 }
]
</code></pre>

In your controller methods, you can check whether the user’s current plan permits the requested action or feature. For example:

<pre class="language-javascript"><code class="lang-javascript"><strong>exports.fileController.save = async function(req, res){
</strong><strong>
</strong><strong> // look up the account and its plan definition from the config
</strong><strong> const accountData = await account.get({ id: req.account });
</strong> const currentPlan = settings.plans.find(x => x.id === accountData.plan);

 // deny unless the plan exists and explicitly enables file storage
 utility.assert(currentPlan?.store_files, res.__('file.save.not_permitted_on_plan'));

}
</code></pre>

This ensures that the feature or action is only available to users on the appropriate plan.
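The same pattern extended to the `max_gb` limit from the sample plan, as an added example that is not part of the original documentation or the boilerplate's own code. `canStoreFile`, the `basic` plan and the byte counters are hypothetical names and constructed values; the check denies by default when the plan, flag or limit is missing.

```javascript
// Constructed sample config, mirroring the plans object shown above.
const plans = [
  { id: 'free', name: 'Free', type: 'free', price: 0, max_gb: 2, store_files: true },
  // hypothetical second plan with file storage switched off
  { id: 'basic', name: 'Basic', type: 'paid', price: 5, store_files: false },
];

const GB = 1024 ** 3;

// Hypothetical helper: may this account store `incomingBytes` more data?
// usedBytes should be computed server-side from stored files, and
// incomingBytes measured from the received upload, not taken from a
// size the client declares.
function canStoreFile(plans, accountData, usedBytes, incomingBytes) {
  // no plan at all: same outcome as the account.plan_required check
  if (!accountData || !accountData.plan)
    return { allowed: false, reason: 'plan_required' };

  // a plan id that is not in the config is denied rather than throwing
  const plan = plans.find(x => x.id === accountData.plan);
  if (!plan) return { allowed: false, reason: 'unknown_plan' };

  // strict comparison so a string such as "false" cannot enable the feature
  if (plan.store_files !== true)
    return { allowed: false, reason: 'not_permitted_on_plan' };

  // reject NaN, negative or fractional sizes before doing arithmetic
  if (!Number.isSafeInteger(usedBytes) || usedBytes < 0 ||
      !Number.isSafeInteger(incomingBytes) || incomingBytes <= 0)
    return { allowed: false, reason: 'invalid_size' };

  // a missing or non-positive limit means "no quota", not "unlimited"
  if (typeof plan.max_gb !== 'number' || !(plan.max_gb > 0))
    return { allowed: false, reason: 'no_quota_configured' };

  if (usedBytes + incomingBytes > plan.max_gb * GB)
    return { allowed: false, reason: 'quota_exceeded' };

  return { allowed: true, reason: null };
}
```

In a controller, the result would feed the same `utility.assert(...)` call used above, with `reason` mapped to a localized message key.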
