search

strapi-community / strapi-plugin-slugify

A plugin for Strapi Headless CMS that provides the ability to auto slugify a field for any content type.
https://market.strapi.io/plugins/strapi-plugin-slugify
MIT License
45 stars 21 forks source link

Can we override the API request for `slugify/slugs` #39

Closed selected-pixel-jameson closed 2 years ago

selected-pixel-jameson commented 2 years ago

Is there a way to override the slugify/slugs endpoint? I have a specific use case where I want to perform additional security checks before returning a response.

ComfortablyCoding commented 2 years ago

Override as in additional custom policies?

selected-pixel-jameson commented 2 years ago

Maybe that's how one would go about this. I'm still very new to Strapi. I was just looking for a way to be able to override this function similar to how you override find, findOne, create or update.

ComfortablyCoding commented 2 years ago

ah, that I am not sure. What checks are you trying to do?

selected-pixel-jameson commented 2 years ago

I took a look at policies. Yes, I'm looking for a way to attach a custom policy to this.

I need a way to add a layer of security to this request so that a response is only returned when the request is for content that is explicitly flagged as 'public' and this needs to be set on the server for security purposes. I can't do this using a query on the client.

I also need to check to see if the user making the request has the ability to edit the content which is determined by various properties on the model being requested.

ComfortablyCoding commented 2 years ago

Model specific policies should already be supported v2.1.1+.

By default it behaves like any other route. If the user who requested the model does not have permission to find it then it will return unauthorized.

I do not have the chance to confirm this at the moment but any additional policies on the model(s) should also be respected.

selected-pixel-jameson commented 2 years ago

Thanks. I’m sure it works. I’ll look at creating a model specific policy then. Appreciate your guidance.

Jameson W Parker

On Mar 17, 2022, at 7:17 AM, daedalus @.***> wrote:

 Model specific policies should already be supported after v2.1.1.

By default it behaves like any other route. If the user who requested the model does not have permission to find it then it will return unauthorized.

I do not have the chance to confirm this at the moment but any additional policies on the model(s) should also be respected.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.

ComfortablyCoding commented 2 years ago

No problem, closing for now. It can be reopened if model policies are not being respected.