System Information
- Strapi Version: 3.5.3
- Operating System: linux
- Database: postgresql
- Node Version: 12.21
- NPM Version: 6.14.11
- Yarn Version:
Hello,
I have an article api where user can insert illustration. The illustration model is linked to images the user can upload, it contains a relation to the actual image file as well as relations to user, tags an so on. The user has the possibility to manage its own illustrations with a dedicated isOwner policy. In particulare, delete an illustration is performed in two step : first delete the illustration entry then delete the corresponding file. The isOwner policy is applied to illustration but can hardly be used for the file as there is no user linked to the file
Would it be possible to make sure a user can not delete images or files from other users?
Thanks,
Nicolas