System Information
- Strapi Version: 4
- Operating System: windows
- Database: sqllite
- Node Version: v14.20.0
- NPM Version: 6.14.17
- Yarn Version:
Hi every one,
I Am new in Strapi I’m watching Strapi tutorial in that tutorial he teaches Strapi v3 and I use Strapi v4 I want to create is-owner policy that every user being able to delete and update it’s own data, i have two API one is event and anther is me, I can get the user data that he is authenticated but that user can delete and update the other users data also.
this is the Strapi v3 is Owner policy I want the same to work for strapi v4
"use strict";
const { sanitizeEntity } = require("strapi-utils");
module.exports = {
// Create event with linked user
async create(ctx) {
let entity;
if (ctx.is("multipart")) {
const { data, files } = parseMultipartData(ctx);
data.user = ctx.state.user.id;
entity = await strapi.services.events.create(data, { files });
} else {
ctx.request.body.user = ctx.state.user.id;
entity = await strapi.services.events.create(ctx.request.body);
}
return sanitizeEntity(entity, { model: strapi.models.events });
},
// Update user event
async update(ctx) {
const { id } = ctx.params;
let entity;
const [events] = await strapi.services.events.find({
id: ctx.params.id,
"user.id": ctx.state.user.id,
});
if (!events) {
return ctx.unauthorized(`You can't update this entry`);
}
if (ctx.is("multipart")) {
const { data, files } = parseMultipartData(ctx);
entity = await strapi.services.events.update({ id }, data, {
files,
});
} else {
entity = await strapi.services.events.update({ id }, ctx.request.body);
}
return sanitizeEntity(entity, { model: strapi.models.events });
},
// Delete a user event
async delete(ctx) {
const { id } = ctx.params;
const [events] = await strapi.services.events.find({
id: ctx.params.id,
"user.id": ctx.state.user.id,
});
if (!events) {
return ctx.unauthorized(`You can't update this entry`);
}
const entity = await strapi.services.events.delete({ id });
return sanitizeEntity(entity, { model: strapi.models.events });
},
// Get logged in users
async me(ctx) {
const user = ctx.state.user;
if (!user) {
return ctx.badRequest(null, [
{ messages: [{ id: "No authorization header was found" }] },
]);
}
const data = await strapi.services.events.find({ user: user.id });
if (!data) {
return ctx.notFound();
}
return sanitizeEntity(data, { model: strapi.models.events });
},
};
also after hours and hours searching I found something but it not work correct,
in the code that I found just the get method to get the current user data is working but other method delete update and create not work,
if some can help me please…
const { createCoreController } = require("@strapi/strapi").factories;
// module.exports = createCoreController('api::event.event');
module.exports = createCoreController("api::event.event", ({ strapi }) => ({
//Find with populate ----------------------------------------
async find(ctx) {
const populateList = ["image", "user"];
// Push any additional query params to the array
populateList.push(ctx.query.populate);
ctx.query.populate = populateList.join(",");
// console.log(ctx.query)
const content = await super.find(ctx);
return content;
},
// Create user event----------------------------------------
async create(ctx) {
let entity;
ctx.request.body.data.user = ctx.state.user;
entity = await super.create(ctx);
return entity;
},
// Update user event----------------------------------------
async update(ctx) {
let entity;
// const { id } = ctx.params;
const { id } = ctx.state.user;
const query = {
filters: {
id: id,
user: { id: id },
},
};
const events = await this.find({ query: query });
if (!events.data || !events.data.length) {
return ctx.unauthorized(`You can't update this entry`);
}
entity = await super.update(ctx);
return entity;
},
// Delete a user event----------------------------------------
async delete(ctx) {
// const { id } = ctx.params;
const { id } = ctx.state.user;
console.log("DELETED");
const query = {
filters: {
id: id,
user: { id: id },
},
};
const events = await this.find({ query: query });
if (!events.data || !events.data.length) {
return ctx.unauthorized(`You can't delete this entry`);
}
const response = await super.delete(ctx);
return response;
},
// Get logged in users----------------------------------------
async get(ctx) {
const { user } = ctx.state;
if (!user) {
return ctx.unauthorized({
messages: "No authorization header was found",
});
}
const query = {
filters: {
user: { id: user.id },
},
};
const data = await this.find({ query: query });
if (!data) {
return ctx.notFound();
}
const sanitizedEntity = await this.sanitizeOutput(data, ctx);
return this.transformResponse(sanitizedEntity);
},
}));