- Strapi Version: 3.2.4
- Operating System: macOS
- Database: mysql 5.7
- Node Version: v12.18.4
- NPM Version: 7.0.10
- Yarn Version: 1.22.10 (not using)
Hi, I’m really struggling with Strapi collection / item ownership and how to set the permissions of things via controllers. I posted a thread last week and nobody commented on it… it’s a very difficult to google problem so I’m back here explaining the problem hoping someone understands it and can help.
Problem: I can’t set record ownership from controllers / services.
I want to 1: Have an API only user log in via the API, and then when they create a record, I want to take their JWT / token / user-id from the request and use that to set ownership of the record they created.
I want to 2: Have the API only request user only things they have created
While researching this today I found an article that breaks down the difference between admin users and end-users / website users.
The problem(s) I have right now is:
- I can only assign ownership of records to admin users… admins can create records and their ownership shows up correct in Admin and API responses
- I can’t assign ownership from within the controllers / services, even if I specify valid ID values. The ORM strips out the
created_byvalues / does nothing with it. (see previous forum post)
- Strapi has no documentation on how to deal with the seperation of admin users and regular users
This is a well intentioned feature of Strapi that is a complete nightmare for me right now. There is a smug proudness to this article that is completely infuriating. It’s fine to make things more modular, but it’s insane to take away valid features / workflows in favor of forcing your own weird concept of users on others. At the very least provide documentation on how to turn the feature off or how to unify the two sets of users.
I’m stuck in this horrible logic loop where only admin users can own things, but only web users can log in so how do I make ownership / assignment to items created by API users work?!
PLEASE HELP… I’m failing to understand something here and it’s causing me to stress instead of working smart and efficiently.