Closed selected-pixel-jameson closed 2 years ago
Override as in additional custom policies?
Maybe that's how one would go about this. I'm still very new to Strapi. I was just looking for a way to be able to override this function similar to how you override find, findOne, create or update.
Ah, that I am not sure. What checks are you trying to do?
I took a look at policies. Yes, I'm looking for a way to attach a custom policy to this.
I need a way to add a layer of security to this request so that a response is only returned when the request is for content that is explicitly flagged as 'public', and this needs to be set on the server for security purposes. I can't do this using a query on the client.
I also need to check to see if the user making the request has the ability to edit the content which is determined by various properties on the model being requested.
Model-specific policies should already be supported in v2.1.1+.
By default it behaves like any other route. If the user who requested the model does not have permission to find it then it will return unauthorized.
I do not have the chance to confirm this at the moment but any additional policies on the model(s) should also be respected.
Thanks. I’m sure it works. I’ll look at creating a model specific policy then. Appreciate your guidance.
Jameson W Parker
On Mar 17, 2022, at 7:17 AM, daedalus @.***> wrote:
Model specific policies should already be supported after v2.1.1.
By default it behaves like any other route. If the user who requested the model does not have permission to find it then it will return unauthorized.
I do not have the chance to confirm this at the moment but any additional policies on the model(s) should also be respected.
No problem, closing for now. It can be reopened if model policies are not being respected.
Is there a way to override the slugify/slugs endpoint? I have a specific use case where I want to perform additional security checks before returning a response.