Set permissions programmatically? #6294

This discussion has been migrated from our Github Discussion #6294

laggingreflex216d ago

I have a collection type “Content

The normal API route to get all contents is GET /contents

But by default it’s inaccessible, and gives a 403 Forbidden

You have to goto the Admin Panel > Plugins > Roles & Permissions > Permissions > Application > Content then select all and hit Save

Is there a way to do this programmatically?


Responses to the discussion on Github

Mcastres216d ago


Hello @laggingreflex

What you can do is writing this code inside your config/functions/bootstrap.js

"use strict";
 * An asynchronous bootstrap function that runs before
 * your application gets started.
 * This gives you an opportunity to set up your data model,
 * run jobs, or perform some special logic.
 * See more details here:
const findPublicRole = async () => {
  const result = await strapi
    .query("role", "users-permissions")
    .findOne({ type: "public" });
  return result;

const setDefaultPermissions = async () => {
  const role = await findPublicRole();
  const permissions = await strapi
    .query("permission", "users-permissions")
    .find({ type: "application", role: });
  await Promise.all( =>
        .query("permission", "users-permissions")
        .update({ id: }, { enabled: true })

const isFirstRun = async () => {
  const pluginStore ={
    environment: strapi.config.environment,
    type: "type",
    name: "setup"
  const initHasRun = await pluginStore.get({ key: "initHasRun" });
  await pluginStore.set({ key: "initHasRun", value: true });
  return !initHasRun;

module.exports = async () => {
  const shouldSetDefaultPermissions = await isFirstRun();
  if (shouldSetDefaultPermissions) {
    await setDefaultPermissions();

It will allow every permissions on all your collection types during the first run of your application.

1 Like

Thank you!
It would have been great to have something related on the Strapi documentation :slight_smile:

@piwi something we could possibly add to the dev docs, really though, something like this would be for an example after we document the internal API.

1 Like

Hello !

Thanks for this post, I need something similar !
Though, for some reasons long to explain, I don’t need to set it at first run, but second one, because I already use first run to bootstrap the default database rows, then I import the data in a second time using SQL.

Is there a way to launch this function at the second run ?

Thanks for your attention

first run you could set a key in the database (like an incremental counter) then when it gets to 1 or 2 (depends if you start your counter on 0 or not) then run the code to inject permissions.

1 Like

Thanks for your answer @DMehaffy,
Sounds like a smart solution, will go for something like this !

1 Like

Hi @DMehaffy , I just updated strapi v3 to v4 and this code is not working. With v4 strapi how can I do?

Hi @datle,

What do you want to achieve with this in v4?