In that case, you'll need to create an IP ACL with the appropriate rules and then apply the ACL to the WLAN's inbound firewall.
You'll need to allow things like DHCP server traffic, DNS, DGW, and whatever else might be needed, but then disallow all other traffic (which will prevent the user from accessing anything else on that LAN.