Hi all, I’m quite new to Strapi and was thinking of making a clone of Facebook with it. I hit a blocker where any authenticated user can modify another authenticated user’s post even if I had set a relationship between Post and User (User has many Posts). I can’t seem to find anything related to my problem on Google or the docs, so is there a way to forbid non-authors from modifying a post via the Strapi backend? If so, how so? Thank you for your answers and responses in advance.
And here’s my user post policy file; I wanted to try logging the objects first to get an idea of what they are because I couldn’t find anything more about them in the Policies docs.
Nothing was logged to the terminal when I deleted a post; it was deleted, but it seems like it didn’t “pass through” the custom policy I made. Thanks again in advance for a reply or answer.
Hi Vincent,
You’re trying to configure core routers so you need to put your configuration in the main router file (src/api/post/routes/post.ts) and declare your policy here.
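As an added example (not part of the reply above and not the poster's code), here is a sketch of an ownership policy and the core-router configuration that attaches it to `update` and `delete`. It assumes Strapi v4, a hypothetical relation field named `author` on Post, and a hypothetical policy file name `is-owner`; the `strapi` object is typed minimally so the logic can run outside a Strapi project.

```typescript
// Minimal shapes standing in for Strapi's own types (assumptions for this sketch).
type Post = { id: number; author?: { id: number } | null };
type PolicyContext = { state: { user?: { id: number } }; params: { id?: string } };
type StrapiLike = {
  entityService: { findOne(uid: string, id: string, params: object): Promise<Post | null> };
};

// Pure ownership check: deny when the post is missing or has no author.
function ownsPost(post: Post | null, userId: number): boolean {
  return !!post && !!post.author && post.author.id === userId;
}

// Policy body. In a project this would be the default export of
// src/api/post/policies/is-owner.ts (hypothetical file name).
// Returning false makes Strapi reject the request before the controller runs.
const isOwner = async (
  ctx: PolicyContext,
  _config: unknown,
  { strapi }: { strapi: StrapiLike }
): Promise<boolean> => {
  const user = ctx.state.user; // set by the users-permissions JWT middleware
  const id = ctx.params.id;    // :id segment of PUT/DELETE /api/posts/:id
  if (!user || !id) return false;
  // Load the stored post with its author; never trust an author id from the request body.
  const post = await strapi.entityService.findOne("api::post.post", id, {
    populate: ["author"], // "author" is the assumed relation field name
  });
  return ownsPost(post, user.id);
};

// Core router configuration for src/api/post/routes/post.ts:
//   import { factories } from "@strapi/strapi";
//   export default factories.createCoreRouter("api::post.post", postRouterConfig);
const postRouterConfig = {
  config: {
    update: { policies: ["api::post.is-owner"] },
    delete: { policies: ["api::post.is-owner"] },
  },
};
```

The policy has to be listed on every mutating core action you want protected; an action left out of `config` keeps only the role-level permission check.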