How to get only items related to the authenticated user?

I am building a shopping cart, where I have a LineItem collection (a line item is an item in a shopping cart). A line item has a related user. Now, I want to retrieve only line items that belongs to the logged in user, so I tried this controller

export default factories.createCoreController(
    ({ strapi }) => ({
        async find(ctx) {
            if (ctx.state.isAuthenticated) {
                const userId =
                ctx.query = {
                    filters: {
                        user: {
                            id: {
                                $eq: userId
            return await super.find(ctx)

This only works if I allow the user role to find User (users_permission_user). However, that also allows the authenticated user to see all other users. Why isn’t the me permission enough? How should I handle this situation?

This topic has been created from a Discord post (1234948080122462329) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord

You have to use low level db.query, or entity service and resolve permissions yourself

Like using kex?


Uses internal validation

Could you give me an example?

Because I am already calling super.find