SITUATION: In my strapi database, a User (default strapi user in collection types) has some data that belongs to it. These data are entries in different collection types and the ownership is specified via relations between the user that owns them, and the entry.
TASK: I’d like to be able to send a request to an endpoint and use a an Authentication header with a user’s jwt token as the bearer. I then want this endpoint to return with ONLY the data that belongs to the user whose JWT token was provided in the request header. In other words, the endpoint should return only the entries which have relationships with the user whose token I provide in the header. How can I achieve this?
PS. I have thought of many ways to this in the front end, or even add request only the data whose user’s id matches with mine. But I can imagine that doing it this way can cause many security concerns for later scaling my project. If anyone has any info about security in this manner, I am curious to find out.