How to request private fields from admin HomePage?

Nicolas_Arias · March 10, 2021, 9:35pm

Hi! I’m trying to customize my admin HomePage ("./admin/src/containers/HomePage/index.js") and want to request some data from one of my Content Types but some of the fields are private (you can configure this in advanced settings when you create each).

Although I can get the public fields by making a request with the access token (that I got with “auth” in “strapi-helper-plugin”), I can’t get the private ones. Can someone help me with this?

Thx in advance.

anhhoangsky · March 11, 2021, 11:49am

you must make props ‘keys’ not ‘key’ of Inputs component like name of fields

Nicolas_Arias · March 11, 2021, 1:17pm

Thanks for the answer, but I don’t understand what should I do

anhhoangsky · March 11, 2021, 2:15pm

simple you call

<Inputs keys={name} />

keys will be changed to key in react DOM and name in <input name={name} /> html element strapi check name equal to field name of content type(database) you should have the same name and same key(recommend) or skip check.

sunnyson · March 13, 2021, 2:53pm

@Nicolas_Arias To access your content types with private fields through an API from admin UI, you should do the following:

Create a new route for this:

{
  "routes": [
    //...
    {
      "method": "GET",
      "path": "/articles-private", //name it as you want
      "handler": "articles.private", //point it to the custom controller that we will create in step 2
      "config": {
        "policies": [["admin::isAuthenticatedAdmin"]] //mandatory add this policy, so you can access the route only as an authenticated admin.
      }
    }
    //...
 ]
}

Create a custom controller

module.exports = {
  //...
  private: async (ctx, next) => {
    return strapi.query('articles').find(); // this one will return your articles without removing the private fields.
  }
 //...
}

From the frontend, there is no need to re-authenticate to get tokens and etc, you can use the strapi’s request module for this:

import { request } from 'strapi-helper-plugin';

const getArticles = async () => {
   const articles = await request('/articles-private');
  // request module from strapi-helper-plugin, will automatically add your admin token in it
  // so there is no need for extra authentication to get your admin token.
}

P.S. As extra info for all, private fields are removed by sanitizeEntity module that is used inside the core controllers. So when you create a custom controller, it will keep your data untouched without removing the private fields because you are not using the sanitizeEntity module.

sunnyson · March 13, 2021, 3:05pm

Second and the easiest method is to consume the content-manager API’s:

import { request } from 'strapi-helper-plugin';

const getArticles = async () => {
   const articles = await request('/content-manager/collection-types/application::articles.articles?page=1&pageSize=10&_sort=name:ASC');
}

That’s the easiest way to achieve your needs.

I’m always using the first method since I can add custom policies to the routes. But if you don’t need custom policies then use this method.

That’s how you can get any content-type’s route from content-manager: