# Feature Access and Plan Restrictions

### Users without a plan

By default, users who have not signed up for a plan will only have access to authentication and account profile pages. This ensures that users without an active plan cannot access features beyond the basics.\
\
On the client side, users are restricted to just authentication and profile management until they choose a plan.

On the server side, actions such as inviting child users, accessing AI endpoints, or creating API keys should be disabled for users without an active plan. For example:

```javascript
// check account has a plan
const accountData = await account.get({ id: req.account });
utility.assert(accountData.plan, res.__('account.plan_required'));
```

As you build custom endpoints for your own features, it’s important to include this check to ensure actions cannot be performed without an active plan via the API.

### Restricting features by plan

When you want to limit feature access or impose usage limits based on the user's billing plan, it's recommended to define plan-specific flags or limits in your configuration within the Stripe plans object.

<pre class="language-javascript"><code class="lang-javascript">"plans": [
 {
  "id": "free",
  "name": "Free",
  "type": "free",
  "price": 0,
<strong>  "max_gb": 2,
</strong>  "store_files": true,
 }
]
</code></pre>

In your controller methods, you can check whether the user’s current plan permits the requested action or feature. For example:

<pre class="language-javascript"><code class="lang-javascript"><strong>exports.fileController.save = async function(req, res){
</strong><strong>
</strong><strong> const accountData = await account.get({ id: accountID });
</strong> const currentPlan = settings.plans.find(x => x.id === accountData.plan);
 utility.assert(currentPlan.store_files, res_('file.save.not_permitted_on_plan')

}
</code></pre>

This ensures that the feature or action is only available to users on the appropriate plan.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.usegravity.app/gravity-server/authorization/feature-access-and-plan-restrictions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.