"bug" in file ./extensions/users-permissions/config/policies/permissions.js

This file ./extensions/users-permissions/config/policies/permissions.js
for token, has one bug, this line…

module.exports = async (ctx, next) => {
let role;
// always undefined --> ctx.state.user
 if (ctx.state.user) {
// request is already authenticated in a different way
return next();
}
(...)
System Information
  • Strapi Version: 3.2.5
  • Operating System: Debian 10

That’s not a bug and not an issue.

It is there for a reason, if you would like to use a different authentication method (custom policy that already sets the ctx.state.user), then this part of the code will avoid the users permissions default authentication method.

As you can see there is a comment for it: // request is already authenticated in a different way.

1 Like

thank’s