Here is an example for Mongo.
First, create a new route:
{
"method": "GET",
"path": "/findUnpublished",
"handler": "articles.findUnpublished",
"config": {
"policies": []
}
},
Seconds, create a new controller function, called findUnpublished:
const { sanitizeEntity } = require('strapi-utils');
module.exports = {
async findUnpublished(ctx) {
//getting all the existing articles, no metter if they have unpublished status
let result = await strapi.query('articles').model.find();
//sanitize them to hide all private fields
let articles = sanitizeEntity(result, {
model: strapi.models['articles'],
});
//return result to the /findUnpublished API
ctx.send(articles);
}
};
Now add create a new role called CanViewUnpublished (as an example) and assign access to the newly created controller: findUnpublished
And the last step, create a new user and assign that role(CanViewUnpublished ) to him.
Voila, result:
