Hi @simontam
This is a common use-case and we haven’t totally implemented multi-tenancy yet (see: Multi-tenancy - Roadmap | Product Roadmap) but it can roughly be accomplished with some well written policies. I’ll leave you with our policy documentation but also with a bit of an older example of this in testing.
You are more than welcome to test out my rough example I made a few months back, but it may require some customization and I don’t generally recommend throwing a bunch of checks in a single policy and instead break them out into their own. This example was written for a user while I was twitch streaming one day.
Repo: GitHub - derrickmehaffy/testing-strapi-policies
Main policy for testing:
Applied to a content-type:
There is lot there to digest but the examples I gave kind give two ways to handle the requests, either by forcefully moving the request to the proper query param or to return an error. The key take-away though is where you put the code in the policy (before the await next() or after the await next()) and if your goal is to reject/return an error/secure the route you will want to make sure it’s before the await next()
Let me know if you have questions 