I guess, I got the result I wanted:
const { createCoreController } = require("@strapi/strapi").factories;
const utils = require('@strapi/utils');
const { NotFoundError, UnauthorizedError } = utils.errors;
const contentType = "api::address.address";
module.exports = createCoreController(contentType,
({
strapi
}) => ({
async findOne(ctx) {
const { user } = ctx.state;
const { id } = ctx.params;
if (user && typeof user !== 'undefined') {
const entity = await strapi.db.query(contentType).findMany({
where: {
id,
owner: user.id
}
});
if (entity && entity.length) {
const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
return this.transformResponse(sanitizedEntity);
}
throw new NotFoundError('Not Found');
} else {
throw new UnauthorizedError('Access Forbidden');
}
},
}));
I did try doing the same thing with policies, but that did not work quite as I expected. I created this policy:
'use strict';
/**
* `user-is-owner` policy.
*/
module.exports = () => {
// Add authenticated user to filter.
return async (ctx, next) => {
ctx.query.filters = {
...ctx.query.filters,
owner: ctx.state.user.id,
};
await next();
};
};
Added it to routes
const { createCoreRouter } = require('@strapi/strapi').factories;
module.exports = createCoreRouter("api::address.address", {
config: {
findOne: {
policies: ["global::user-is-owner"]
}
}
});
But then even the places my user was owner started raising 403 errors… Not sure what was going on there.