It took me quite some hours, but (as usually with Strapi) the solution was very simple, it wasn’t just very straightforward. I had to set the permission of the users-permissions.user find value to true for authorised users. So when I finally figured this out, creating the controller for automatically adding the user id to the post, based on the authorisation header was fairly simple.
I couldn’t find this in the documentation tho, so I’d like to share it here so that whenever someone else is struggling to create a similar flow, this could help them.
async create(ctx) {
const user = ctx.state.user
if (!user) {
return ctx.unauthorized("Missing credentials for new chat message")
}
// Allow requests that miss the data:{} wrapper
if (!ctx.request.body.data) {
const tmp = ctx.request.body
ctx.request.body = {
data: tmp
}
}
if (!ctx.request.body.data.message) {
return ctx.unauthorized("Missing required property: `message`")
}
ctx.request.body.data.sender = user.id
return await super.create(ctx)
},