Show content of authenticated logged-in user only

I use the 2 custom policies for almost every Strapi-backed project I create. One policy is for a single owner and the other policy is for a multiple owners field.

isOwner.js

isOwners.js

Place these files in ~/config/policies/ to be available globally and then set them per route. For example, I have a binders content type and my ~/api/binders/config/routes.js begins like the following:

    {
      "routes": [{
          "method": "GET",
          "path": "/binders",
          "handler": "binder.find",
          "config": {
            "policies": [
              "global::isOwners"
            ]
          }
        },
    ...

The specific attributes that relate to this usage defined on the content type in ~/api/binder/models/binder.setting.json are the following:

    "private": {
      "type": "boolean",
      "default": true
    },
    "owners": {
      "plugin": "users-permissions",
      "collection": "user",
      "via": "binders",
      "dominant": true
    },
    "readonly": {
      "plugin": "users-permissions",
      "collection": "user",
      "via": "binders_readonly",
      "dominant": true
    }
3 Likes
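The contents of isOwner.js and isOwners.js are not shown on this page, so the following is an added sketch of a multiple-owners read policy, not the poster's code. It assumes the Strapi v3 policy signature `(ctx, next)`, that users-permissions has set `ctx.state.user`, that the `owners` and `readonly` relations appear in the controller's response, and that users listed in `readonly` may read an entry.

```javascript
'use strict';

// Relation fields from the binder model that grant read access.
// Treating "readonly" users as readers is an assumption of this example.
const READER_FIELDS = ['owners', 'readonly'];

// A populated relation holds user objects; an unpopulated one holds bare ids.
const relationId = (u) => String(u && typeof u === 'object' ? u.id : u);

// True when userId appears in any of the reader relations of the entry.
function canRead(entry, userId) {
  return Boolean(entry) && READER_FIELDS.some((field) =>
    Array.isArray(entry[field]) &&
    entry[field].some((u) => relationId(u) === String(userId)));
}

// Policy for GET routes: run the controller first, then trim the response.
// Filtering the result (rather than rewriting ctx.query) means a
// client-supplied query string cannot widen what comes back.
async function isOwners(ctx, next) {
  const user = ctx.state && ctx.state.user;
  if (!user) return ctx.unauthorized('Login required');

  await next();

  if (Array.isArray(ctx.body)) {
    // find: keep only the entries the caller is related to.
    ctx.body = ctx.body.filter((entry) => canRead(entry, user.id));
  } else if (ctx.body && typeof ctx.body === 'object' &&
             !canRead(ctx.body, user.id)) {
    // findOne on someone else's entry: answer as if it did not exist,
    // so ids of other users' entries cannot be probed.
    return ctx.notFound();
  }
}

// Export for ~/config/policies/ when loaded as a CommonJS module.
if (typeof module !== 'undefined') module.exports = isOwners;
```

Because the response is trimmed after the controller runs, this only suits read routes; a policy guarding PUT or DELETE has to check ownership before calling `next()`.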