Alright, took a deep breath and continued console.log investigation.
the definition of
createCoreService(‘api::content-type.content-type’)
on node_modules/@strapi/strapi/factories.js calls (on line 11)
node_modules/@strapi/strapi/core-api/controller/index.js which calls (on line 24)
return sanitize.contentAPI.output(data, contentType, { auth });
defined on
node_modules/@strapi/strapi/utils/sanitize/index.js which contains, finally
output(data, schema, { auth } = {}) {
if (isArray(data)) {
return Promise.all(data.map(entry => this.output(entry, schema, { auth })));
}
const transforms = [sanitizers.defaultSanitizeOutput(schema)];
if (auth) {
// this line seems the solution
transforms.push(traverseEntity(visitors.removeRestrictedRelations(auth), { schema }));
}
console.log('here data is still the same, I have the fields I want:', data)
return pipeAsync(...transforms)(data);
// after this return, data I want is lost.
}
After this deep dive, I found that line with removeRestrictedRelations(), which seems to setup transforms variable. pipeAsync seems to be just a “create a function which applies this set of functions defined by transforms to some entering data and return” thing.
By this function name (removeRestrictedRelations) I double checked if the user role which is trying to access data (Public role) has this permition, and it has. So, it does not seems to be related to role permissions.
Now, regarding data fetch, my question is… what exactly is this Relation restriction and how can I setup / inform in my request that these fields are not restricted? I did not see anything like that on the docs.
Will do the same kind of investigation on create-entry-with-relation problem.
EDIT:
Just commented sanitize line in both find and create controllers, it worked. Create with relation and retrieve with relations. There is something going on on sanitization process. Can be a misconfiguration on my part (probably? can’t tell from reading the docs) or some bug.