For the Users Collection Types (not Admins), I have fields such as
lastName, which users can update freely.
However, I also have a field in the same Users Collection called
rank which they should NOT be able to update on their own, but instead the
rank field should only be updated server side via Token (following this Doc: API Tokens - Strapi Developer Documentation)
Although I tried making the
rank field “Private” under Advanced Settings Tab, which prevented the
rank field from being returned in the Response, Users can still update the
rank field if they were to guess the
key for it, which is not secure.
Is there a way to prevent Users from updating certain fields in addition to not showing up in the API response?