Feature Access and Plan Restrictions

The most common authorisation scenario you will find yourself building is controlling access to features based on the account's billing plan.

Users without a plan

By default, users who have not signed up for a plan only have access to the authentication and account profile pages, so nothing beyond those basics is reachable without an active plan. On the client side, such users are restricted to authentication and profile management until they choose a plan.

On the server side, actions such as inviting child users, accessing AI endpoints, or creating API keys should be disabled for users without an active plan. For example:

// check account has a plan
const accountData = await account.get({ id: req.account });
utility.assert(accountData.plan, res.__('account.plan_required'));

As you build custom endpoints for your own features, it’s important to include this check to ensure actions cannot be performed without an active plan via the API.

Restricting features by plan

When you want to limit feature access or impose usage limits based on the user's billing plan, it's recommended to define plan-specific flags or limits in your configuration within the Stripe plans object.

"plans": [
 {
  "id": "free",
  "name": "Free",
  "type": "free",
  "price": 0,
  "max_gb": 2,
  "store_files": true
 }
]

In your controller methods, you can check whether the user’s current plan permits the requested action or feature. For example:

exports.fileController.save = async function(req, res){

 // load the account and look up its plan in the configured plans list
 const accountData = await account.get({ id: req.account });
 const currentPlan = settings.plans.find(x => x.id === accountData.plan);

 // reject the request unless the plan has the store_files flag enabled
 utility.assert(currentPlan.store_files, res.__('file.save.not_permitted_on_plan'));

}

This ensures that the feature or action is only available to users on the appropriate plan.
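As an added example (not part of the original documentation or the project's own code), the helper below generalises the two checks above into reusable functions: it resolves the account's plan, fails closed when the account has no plan or references a plan id that no longer exists in settings.plans, gates a boolean flag such as store_files, and enforces a numeric limit such as max_gb. The settings object, the accounts map, planAssert and the storage translation key are constructed stand-ins for the project's config, account.get(), utility.assert and res.__().

```javascript
// Constructed plan configuration in the same shape as the Stripe plans object above.
const settings = {
  plans: [
    { id: 'free', name: 'Free', type: 'free', price: 0, max_gb: 2, store_files: true },
    { id: 'pro', name: 'Pro', type: 'paid', price: 20, max_gb: 50, store_files: true, api_keys: true }
  ]
};

// Constructed account records keyed by id (stand-in for account.get({ id })).
const accounts = {
  'acct-no-plan': { id: 'acct-no-plan', plan: null, storage_gb: 0 },
  'acct-stale': { id: 'acct-stale', plan: 'legacy', storage_gb: 0 },
  'acct-free': { id: 'acct-free', plan: 'free', storage_gb: 1.5 },
  'acct-pro': { id: 'acct-pro', plan: 'pro', storage_gb: 10 }
};

// Stand-in for utility.assert: throws the translation key when the condition is falsy.
function planAssert(condition, messageKey) {
  if (!condition) throw new Error(messageKey);
}

// Resolve the plan for an account, failing closed: a missing plan, or a plan id that
// is no longer present in settings.plans, both reject with 'account.plan_required'.
function planFor(accountId) {
  const accountData = accounts[accountId];
  planAssert(accountData && accountData.plan, 'account.plan_required');
  const currentPlan = settings.plans.find(x => x.id === accountData.plan);
  planAssert(currentPlan, 'account.plan_required');
  return { accountData, currentPlan };
}

// Gate a boolean feature flag. Only an explicit `true` passes, so a flag that is
// absent from the plan definition is treated as disabled.
function requireFeature(accountId, flag, messageKey) {
  const { currentPlan } = planFor(accountId);
  planAssert(currentPlan[flag] === true, messageKey);
  return true;
}

// Gate a usage limit: the requested addition must keep usage within max_gb.
// Returns the storage (in GB) remaining after the addition is applied.
// 'file.save.storage_limit_reached' is a constructed translation key.
function requireStorage(accountId, additionalGb) {
  const { accountData, currentPlan } = planFor(accountId);
  const projected = accountData.storage_gb + additionalGb;
  planAssert(projected <= currentPlan.max_gb, 'file.save.storage_limit_reached');
  return currentPlan.max_gb - projected;
}
```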
