Benjamin Reeves

Reputation: 635

strapi - restrict user to delete/destroy only data related to him

I would like to write a few lines to prevent a user from deleting data he does not own. How can I customize the following "destroy" part?

  destroy: async (ctx, next) => {
    return strapi.services.contactnumber.remove(ctx.params);
  }

Thanks in advance and happy easter.

Upvotes: 1

Views: 1745

Answers (1)

Vanessa Pasqué

Reputation: 56

I've done the same for my app; please find my example code below:

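  findOne: async (ctx) => {
    // Wait for the record before checking who owns it.
    var rent = await strapi.services.rent.fetch(ctx.params);
    if (!rent) {
      // No such record: answer 404 instead of throwing on rent.toJSON below.
      return ctx.notFound();
    }
    var user = ctx.state.user;
    rent = rent.toJSON ? rent.toJSON() : rent;
    // Only the user linked to the tenant may read the record.
    if (user.id === rent.tenant.user) {
      return rent;
    }
    else {
      return ctx.badRequest(null, 'Forbidden');
    }
  },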

Maybe it's not the best implementation, but it's working fine :) The keyword "await" is important, because you need to wait for the full response before verifying it (otherwise "undefined" will be returned).

I think your code will look like this:

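  destroy: async (ctx, next) => {
    // Load the record first so its owner can be checked before anything is deleted.
    var contactnumber = await strapi.services.contactnumber.findOne(ctx.params);
    if (!contactnumber) {
      // No such record: answer 404 instead of throwing on contactnumber.toJSON below.
      return ctx.notFound();
    }
    contactnumber = (contactnumber.toJSON ? contactnumber.toJSON() : contactnumber);
    // Only the owning user may delete the record.
    if (ctx.state.user.id === contactnumber.user) {
      return strapi.services.contactnumber.remove(ctx.params);
    }
    else {
      return ctx.badRequest(null, 'Your error message');
    }
  }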

Thanks,

Upvotes: 1
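An added example, not part of the answer above or of Strapi's own code: the ownership check factored into a decision function that can be tested without a running server, with in-memory stubs standing in for `strapi.services.contactnumber` and the Koa `ctx`. The names `ownerIdOf`, `decideDestroy`, `makeDestroy` and `makeStubService` are hypothetical, and it assumes the record's `user` field is either a raw id or a populated object with an `id`.

```javascript
// The relation may be stored as a raw id or as a populated object ({ id: ... }).
// Ids are compared as strings so 7 and '7' match; a bare === silently denies them.
function ownerIdOf(record) {
  const owner = record && record.user;
  if (owner === null || owner === undefined) return null;
  const id = typeof owner === 'object' ? owner.id : owner;
  return id === null || id === undefined ? null : String(id);
}

// Pure decision: 'unauthenticated' | 'not_found' | 'forbidden' | 'allow'.
function decideDestroy(user, record) {
  if (!user || user.id === undefined || user.id === null) return 'unauthenticated';
  if (!record) return 'not_found';
  const ownerId = ownerIdOf(record);
  // Fail closed: a record without an owner cannot be deleted through this route.
  if (ownerId === null || ownerId !== String(user.id)) return 'forbidden';
  return 'allow';
}

// Controller factory; `service` must offer findOne(params) and remove(params).
function makeDestroy(service) {
  return async function destroy(ctx) {
    let record = await service.findOne(ctx.params);
    record = record && record.toJSON ? record.toJSON() : record;
    const decision = decideDestroy(ctx.state.user, record);
    if (decision === 'allow') return service.remove(ctx.params);
    ctx.status = { unauthenticated: 401, not_found: 404, forbidden: 403 }[decision];
    return { error: decision };
  };
}

// In-memory stub service over constructed sample rows.
function makeStubService(rows) {
  const store = new Map(rows.map((r) => [String(r.id), r]));
  return {
    findOne: async (params) => store.get(String(params.id)) || null,
    remove: async (params) => store.delete(String(params.id)),
    size: () => store.size,
  };
}

async function demo() {
  const svc = makeStubService([{ id: 1, user: 7 }, { id: 2, user: { id: '9' } }]);
  const destroy = makeDestroy(svc);
  const ctxFor = (uid, id) => ({ params: { id }, state: { user: { id: uid } } });
  const denied = ctxFor(7, 2);
  await destroy(denied);       // user 7 does not own record 2: nothing is removed
  await destroy(ctxFor(9, 2)); // owner; populated relation holding a string id
  return { deniedStatus: denied.status, remaining: svc.size() };
}
```

The check only holds if every route that can reach `remove` goes through it, so the same decision function should back any bulk or alternative delete endpoint.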
