My IsOwner global policy version

DMehaffy · October 19, 2021, 7:55pm

If it were me I would return a 404 or 400 here and not a 401 as it’s not because they aren’t authorized but what they are trying to do doesn’t exist.

Your also sending a bit of mixed message here:

401 is unauthorized, 403 is forbidden:

403: 403 Forbidden - HTTP | MDN
401: 401 Unauthorized - HTTP | MDN

And you have all these method available to you (it’s where those return ctx.* come from):

github.com

strapi/strapi/blob/077741b03725cc981bc984399d553df8a12d89d0/packages/strapi/lib/middlewares/boom/index.js#L12-L43


      
          const boomMethods = [
            'badRequest',
            'unauthorized',
            'paymentRequired',
            'forbidden',
            'notFound',
            'methodNotAllowed',
            'notAcceptable',
            'proxyAuthRequired',
            'clientTimeout',
            'conflict',
            'resourceGone',
            'lengthRequired',
            'preconditionFailed',
            'entityTooLarge',
            'uriTooLong',
            'unsupportedMediaType',
            'rangeNotSatisfiable',
            'expectationFailed',
            'teapot',

This file has been truncated. show original