Extend SecuredAction

I have used silhouette.SecuredAction in my project to allow only users who have an access token to reach the API. The next step is to further restrict access to users who have activated their account (via a payment, for example).

Suppose we have a user model like this:

"username": "ming", 
"activated": false

Every time a user calls our API, we would like to check whether the “activated” field is true, if not, we return a 401 error.

How do I go about doing this?



You can achieve this with Authorization:

Best regards,

1 Like