I’ve been searching for hours but couldn’t find the right answer, unfortunately. I have made a dashboard site where registered users can track their own data. However, when a user is logged in, they can update, see and add data of others.
Basically all data gets piled up, mixed with all users’ data.
I’d like a logged in user to be able to view and edit only their own data. I know there is an author role, but from my understanding that’s only at the admin panel. Not when users are registered and logged in from the front-end (API based).
Any idea where to find the code? Been searching for days but couldn’t exactly find a script that only shows content per logged in user.
However at the moment I did succeed in building a restricted area for registered users. But all created content is visible instead of user created content only.
When you make a request you can use ctx.state.user.id to get the userID, then extend the API to return only data for the user that is logged into session. Instead of “ALL” the data.
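The approach described above (take the user id from ctx.state.user.id and return only that user's data), as an added example that is not part of the original thread and is not Strapi's own code. It assumes each record has an `owner` field; the function names, the in-memory `entries` array and the mock `ctx` shape are hypothetical stand-ins for a real controller and database.

```javascript
// Constructed sample data standing in for one content type's rows.
const entries = [
  { id: 1, owner: 10, title: "alice: weight log" },
  { id: 2, owner: 20, title: "bob: weight log" },
  { id: 3, owner: 10, title: "alice: sleep log" },
];

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// The user id always comes from the authenticated session, never from input.
function currentUserId(ctx) {
  const user = ctx.state && ctx.state.user;
  if (!user) throw new HttpError(401, "not authenticated");
  return user.id;
}

// List: the server-set owner filter is spread last, so a client-supplied
// ?owner=20 is overwritten. Other query keys act as simple equality filters.
function findOwn(ctx, store) {
  const filters = { ...ctx.query, owner: currentUserId(ctx) };
  return store.filter((row) =>
    Object.entries(filters).every(([k, v]) => String(row[k]) === String(v)));
}

// Update: load the record first, then compare its owner to the session user.
function updateOwn(ctx, store) {
  const uid = currentUserId(ctx);
  const row = store.find((r) => String(r.id) === String(ctx.params.id));
  // Same 404 for "missing" and "not yours", so ids cannot be probed.
  if (!row || row.owner !== uid) throw new HttpError(404, "not found");
  // Drop owner/id from the body so ownership cannot be reassigned.
  const { owner, id, ...changes } = ctx.request.body;
  return Object.assign(row, changes);
}

// Create: the owner is stamped from the session, whatever the body says.
function createOwn(ctx, store) {
  const uid = currentUserId(ctx);
  const { owner, id, ...fields } = ctx.request.body;
  const row = { ...fields, id: store.length + 1, owner: uid };
  store.push(row);
  return row;
}
```

The same three checks (list, update, create) also apply to find-one and delete, which need the ownership comparison used in `updateOwn`.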
I use the 2 custom policies for almost every Strapi backed project I create. One policy is for single owner and the other policy is for a multiple owners field.
isOwner.js
isOwners.js
Place these files in ~/config/policies/ to be available globally and then set them per route. For example I have a binders content type and my ~/api/binders/config/routes.js begins like the following: