How to not allow an end user to update/delete another end user's post?

Hi Vincent,
You’re trying to configure core routers so you need to put your configuration in the main router file (src/api/post/routes/post.ts) and declare your policy here.

import { factories } from "@strapi/strapi";

export default factories.createCoreRouter("api::post.post", {
  config: {
    delete: {
      policies: ["user-post-policy"],
    },
    update: {
      policies: ["user-post-policy"],
    },
  },
  only: null,
});
1 Like