Strapi: How to Restrict Users to Edit Only Themselves

Implement a policy to custom-tailor your API

Jonathan Hsu
Code 85


Strapi is an open source headless content management system (CMS) that’s excellent for rapid prototyping.

If you’re reading this article, you’re probably mid-development in one of your first Strapi projects that includes user registration/authentication. That’s where I was when I needed this article. tl;dr: this article is a synthesis of a StackOverflow post I found on the topic, which can be found here.

Here’s the situation we’re in. We want our users to be able to update their own user information, such as name or email. So, we go to the Roles section of the admin panel (the Users & Permissions plugin), open the Authenticated role and enable the update action on the User content type.

Unfortunately, that permission is granted per route, not per record: it opens PUT /users/:id to every authenticated user, so anyone who is logged in can edit not only their own user but any user whose id they put in the URL. That’s no good and we need to fix that. The way to do this is to implement a policy, a function that runs before the controller and compares the :id in the request with the id of the authenticated user (ctx.state.user), then apply that policy on the given route.

Strapi has a great CLI tool that will help us on our way. Make sure your terminal is at the root of the Strapi…
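What the policy described above looks like end to end, as an added example that is not code from the article, the StackOverflow post it cites or the Strapi project. It follows the Strapi v3 policy shape, `async (ctx, next)`, which is what this article’s Strapi version uses (Strapi v4 policies have a different signature and return a boolean instead). The file path `./config/policies/isOwner.js`, the policy name `global::isOwner`, the allow-list of editable fields and the constructed users are assumptions for this example; the ownership check is the only part the article itself prescribes.

```javascript
'use strict';

// Added example (not from the article or Strapi). A Strapi v3 policy for
// PUT /users/:id that lets an authenticated user update only the record
// whose :id matches their own id. File path, policy name and the field
// allow-list are assumptions made for this example.

// Fields a user may change on their own record. Everything else in the
// body (role, confirmed, blocked, provider, ...) is dropped, so the
// "update self" permission cannot be turned into a privilege escalation.
const SELF_EDITABLE_FIELDS = ['username', 'email', 'password'];

// Pure decision function, kept separate from the Koa context so it can be
// unit-tested without a running Strapi. Returns { ok: true, body } with the
// filtered body, or { ok: false, status, message }.
function checkSelfUpdate(user, targetId, body) {
  if (!user || user.id === undefined || user.id === null) {
    return { ok: false, status: 401, message: 'You must be logged in.' };
  }
  // ctx.params.id is a URL path segment (always a string); user.id is a
  // number on SQL databases and an ObjectId string on MongoDB. Compare as
  // strings so 7 and "7" match while "7abc" does not.
  if (String(targetId) !== String(user.id)) {
    return { ok: false, status: 403, message: 'You can only update your own account.' };
  }
  const filtered = {};
  for (const [key, value] of Object.entries(body || {})) {
    if (SELF_EDITABLE_FIELDS.includes(key)) {
      filtered[key] = value;
    }
  }
  return { ok: true, body: filtered };
}

// The policy itself, in the Strapi v3 shape. Intended for
// ./config/policies/isOwner.js (assumed path) and attached to the
// PUT /users/:id route with "policies": ["global::isOwner"].
// ctx.state.user is populated by the users-permissions plugin once the
// bearer JWT has been validated.
async function isOwner(ctx, next) {
  const result = checkSelfUpdate(ctx.state.user, ctx.params.id, ctx.request.body);
  if (!result.ok) {
    ctx.status = result.status;
    ctx.body = { statusCode: result.status, message: result.message };
    return; // next() is not called, so the update controller never runs
  }
  ctx.request.body = result.body; // the controller only sees allowed fields
  return next();
}

// Minimal stand-in for a Koa/Strapi context so the policy can be exercised
// offline. Constructed test data, not real requests.
function fakeCtx({ user, targetId, body }) {
  return {
    state: { user },
    params: { id: targetId },
    request: { body },
    status: 200,
    body: undefined,
  };
}

// Runs the three cases a reviewer would check and reports what happened.
async function demo() {
  const alice = { id: 7, username: 'alice', role: { id: 1, type: 'authenticated' } };
  const results = { self: { called: false }, other: { called: false }, anon: { called: false } };

  // 1. Alice edits herself: allowed, and the role change is silently dropped.
  const self = fakeCtx({ user: alice, targetId: '7', body: { email: 'a@example.com', role: 3 } });
  await isOwner(self, async () => { results.self.called = true; });
  results.self.body = self.request.body;

  // 2. Alice tries to edit user 8: 403, controller never runs.
  const other = fakeCtx({ user: alice, targetId: '8', body: { email: 'x@example.com' } });
  await isOwner(other, async () => { results.other.called = true; });
  results.other.status = other.status;

  // 3. No JWT at all: 401.
  const anon = fakeCtx({ user: undefined, targetId: '7', body: {} });
  await isOwner(anon, async () => { results.anon.called = true; });
  results.anon.status = anon.status;

  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  demo().then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

Two points worth keeping when adapting this. First, the policy writes the status and body itself so it also works as plain Koa middleware; inside Strapi v3 you can use the `ctx.unauthorized(message)` and `ctx.forbidden(message)` helpers instead, which do the same thing. Second, the field allow-list is the check the ownership test alone does not give you: once a user may update their own record, the request body can carry fields such as `role`, so restrict what reaches the controller rather than trusting the client.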
