Thanks DMehaffy’s answer. I tried few times but no luck. Got 405 Error
I am using Strapi 4.4.5 and this is my answer.
const _ = require('lodash')
const user = require('./content-types/user');
module.exports = plugin => {
// PUT updateMe is not allowed, so use /users/:id
plugin.contentTypes.user = user;
plugin.controllers.user.update = async (ctx) => {
const theLoggedInUserId = ctx.state.user.id
const theUserId = +ctx.params.id
if(theLoggedInUserId !== theUserId){
return ctx.badRequest('forbidden to update other user')
}
// Reconstruct context so we can pass to the controller
const newData = _.pick(ctx.request.body.data, ['password', 'avatar']);
ctx.request.body.data = newData
return await strapi.entityService.update(
'plugin::users-permissions.user',
ctx.params.id,
{
data: ctx.request.body.data
}
);
};
return plugin;
};