Override users-permissions controller?

I need to modify the user-permissions controller for updating(PUT) some user account data. There is no default controller folder or controller to use to override these actions. If i create /controllers/user.js that has no effect either. Is there an easy to do this in Strapi?

Nevermind, i was able to get it working by creating the controllers/user.js directory and file. Not sure why it didn’t work the first few times i tried that…

Is there not an update function available? I tried await strapi.plugins['users-permissions'].services.user.update({ id }); but it throws error that update is not a function.

There is an “edit” function…

async edit(params, values) {
    if (values.password) {
      values.password = await strapi.plugins['users-permissions'].services.user.hashPassword(

    return strapi.query('user', 'users-permissions').update(params, values);

So i was able to get it to update the Postgres db with:

async update(ctx) {
    const entity = await strapi.query('user', 'users-permissions').update({ id }, ctx.request.body);

    return sanitizeEntity(entity, { model: strapi.models.user });

The problem is now that sanitizeEntity(entity, { model: strapi.models.user }); returns a 404. Cant seem to find the model with that name. I’ve tried model names ‘user’, ‘users’, ‘user-permissions’ and ‘users-permissions’ but they all return a 404.

strapi.plugins['users-permissions'].models.user should work

1 Like

Worked perfectly, thanks!

1 Like

Hey , i did what its recommended here, and it works! but i want the user to be able to update his avatar, and all the text data succeeded but the avatar doesn’t change. can someone please help?

That will most likely need to be a nested call, do the users have the ability to upload files?

So what is the solution to udpate an user my his email with route /user/:email ??

@teddyboirin you would need to create your own custom route and controller. Either via extensions inside of the users-permissions plugin, or from the standard api folder (you don’t need a model to create a route and controller)

Can i only add route /put/:email in a new file to my routes /users-permissions ? without adding controllers ?

Same for me !
try to just return entity and sure it will solve the issue .
sanitizeEntity is just for allowing reading private attributes which prohibited with ‘users-permissions’ plugin .
I hope that git contributers override it :sweat_smile:

Hello there. Excuse me for bringing up an old thread.

Is the file structure correct?

I have put both edit and update methods but there was no console.log when I “Save” on Admin-UI.

import { factories } from '@strapi/strapi'

module.exports = factories.createCoreController('plugin::users-permissions.user', {
  async edit(params, values) {
    console.log('edit', params, values);

  async update(ctx) {
    console.log('update', ctx.request.body);