My IsOwner global policy version

I just implemented the v4 version of this global policy.

File located at ./src/policies/is-owner.js

// the content type must have field named "author" that is a relation N-1 to users-permission
module.exports = async (policyContext, config, {
  strapi
}) => {
  const ctx = policyContext
  if (!ctx.state.isAuthenticated)
    return false
  const api = ctx.state.route.info.apiName 
  const controller = api // assume controller same as api name
  const service = strapi.service(`api::${api}.${controller}`)
  if (!service)
    return false
  if (!ctx.params.id) return true
  const {
    results: [content]
  } = await service.find({
    filters: {
      id: {
        $eq: ctx.params.id
      },
      author: {
        id: {
          $eq: ctx.state.user.id
        }
      }
    },
    publicationState: 'preview'
  })

  return !!content
};
3 Likes