Show content of authenticated logged in user only

Hi all,

I’ve been searching for hours but couldn’t find the right answer unfortunately. I have made a dashboard site where registered users can track their own data. However when a user is logged in, it can update, see and add data of others.

Basically all data gets piled up mixed with all users data.

I’d like a logged in user to be able to view and edit its own data. I know there is an author role, but from my understanding that’s only at the admin panel. Not when users are registered and logged in from the front-end (API based)

Hope someone could help me out!

Thank you so much in advance!

1 Like

Welcome to the forums!
Best place is to use a policy like isOwner

1 Like

Thank you so much for your quick response! Appreciate it. Setting the owner worked. But is it also possible the owner only sees its own content?

You can extend what the guide says and set a policy so only the owner will get its own data back and not others, yes.

1 Like

Any idea where to find the code? :) Been searching for days but couldn’t exactly find a script that only shows content per logged in user.

However at the moment I did succeed in building a restricted area for registered users. But all created content is visible instead of user created content only.

Hope you could help me out!

Thank you.

When you make a request you can use ctx.state.user.id to get the userID, then extend the API to return only data for the user that is logged into session. Instead of “ALL” the data.

1 Like

Any plan on natively supporting this requirement by official policy or plugin?

1 Like

Thank you!! Solved it with your help.

I use the 2 custom policies for almost every Strapi backed project I create. One policy is for single owner and the other policy is for a multiple owners field.

isOwner.js

isOwners.js

Place these files in ~/config/policies/ to be available globally and then set them per route. For example I have a binders content type and my ~/api/binders/config/routes.js begins like the following:

    {
      "routes": [{
          "method": "GET",
          "path": "/binders",
          "handler": "binder.find",
          "config": {
            "policies": [
              "global::isOwners"
            ]
          }
        },
    ...

The specific attributes that relate to this usage defined on the content type in ~/api/binder/models/binder.setting.json are the following:

    "private": {
      "type": "boolean",
      "default": true
    },
    "owners": {
      "plugin": "users-permissions",
      "collection": "user",
      "via": "binders",
      "dominant": true
    },
    "readonly": {
      "plugin": "users-permissions",
      "collection": "user",
      "via": "binders_readonly",
      "dominant": true
    }

3 Likes
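
An added example, not the poster's original isOwners.js and not Strapi's own code: a sketch of a v3-style global policy that forces list and create requests to the session user taken from ctx.state.user.id. It assumes the `owners` relation shown above and that v3 accepts `owners.id` as a query filter; `scopeToOwner` is a hypothetical helper name.

```javascript
// Added example: sketch of a Strapi v3 global policy (config/policies/isOwners.js).
// Assumptions: the content type has an "owners" relation to users-permissions
// users (as in the post above) and v3 accepts "owners.id" as a query filter.
const OWNER_FIELD = 'owners';

// Rewrites the request so the controller can only list or create entries that
// belong to the authenticated user. Returns false when there is no user.
function scopeToOwner(ctx) {
  const user = ctx.state && ctx.state.user;
  if (!user || user.id === undefined || user.id === null) return false;

  if (ctx.request.method === 'GET') {
    const scoped = {};
    // Drop any owner filter the client sent so it cannot choose whose data it sees.
    for (const [key, value] of Object.entries(ctx.query || {})) {
      const isOwnerFilter = key === OWNER_FIELD ||
        key.startsWith(OWNER_FIELD + '.') ||
        key.startsWith(OWNER_FIELD + '_');
      if (!isOwnerFilter) scoped[key] = value;
    }
    scoped[OWNER_FIELD + '.id'] = user.id; // server-side value from the session
    ctx.query = scoped;
  } else if (ctx.request.method === 'POST') {
    // Ownership of a new entry comes from the session, never from the body.
    ctx.request.body = { ...(ctx.request.body || {}), [OWNER_FIELD]: [user.id] };
  }
  return true;
}

// Policy entry point in the v3 (ctx, next) form.
async function isOwners(ctx, next) {
  if (!scopeToOwner(ctx)) {
    return ctx.unauthorized('You must be logged in.');
  }
  await next();
}

if (typeof module !== 'undefined') module.exports = isOwners;
```

This sketch covers only the find and create routes. Single-entry routes (findOne, update, delete) still need the entry loaded and its owners compared with ctx.state.user.id before `next()` is called.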

Is there any chance you could re-share those snippets? The gist seems to be gone at this point. Thanks!

Here you go. Just keep in mind this solution was for v3.

1 Like

Gotcha. Thank you regardless for resharing your solution!

Could you share solutions for Strapi v4? Thank you