For the Users Collection Types (not Admins), I have fields such as firstName
, lastName
, which users can update freely.
However, I also have a field in the same Users Collection called rank
which they should NOT be able to update on their own, but instead the rank
field should only be updated server side via Token (following this Doc: API Tokens - Strapi Developer Documentation)
Although I tried making the rank
field “Private” under Advanced Settings Tab, which prevented the rank
field from being returned in the Response, Users can still update the rank
field if they were to guess the key
for it, which is not secure.
Is there a way to prevent Users from updating certain fields in addition to not showing up in the API response?