I am building a shopping cart, where I have a LineItem collection (a line item is an item in a shopping cart). A line item has a related user. Now, I want to retrieve only line items that belong to the logged-in user, so I tried this controller:
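```ts
import { factories } from '@strapi/strapi'

export default factories.createCoreController(
  'api::line-item.line-item',
  ({ strapi }) => ({
    async find(ctx) {
      if (ctx.state.isAuthenticated) {
        const userId = ctx.state.user.id
        // Restrict the query to line items related to the current user.
        // `filters` is set after the spread, so it replaces any
        // client-supplied filters.
        ctx.query = {
          ...ctx.query,
          filters: {
            user: {
              id: {
                $eq: userId
              }
            }
          }
        }
      }
      // Delegate to the core controller's find with the modified query.
      return await super.find(ctx)
    }
  })
)
```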
This only works if I allow the user role to find User (users_permission_user). However, that also allows the authenticated user to see all other users. Why isn’t the me permission enough? How should I handle this situation?
This topic has been created from a Discord post (1234948080122462329) to give it more visibility.