2

Edit: Ultimately I switched to keystone js v5. I can do all this in 1/10 the time with better documentation.

I'm trying to figure out how to implement a Strapi isOwner policy.

They created official documentation and locked out the issue.

The only problem is that the documentation doesn't actually use policies even though it is titled "Create is owner policy". It modifies how to update and create a thing. Now, I could use these same methodologies to create a new find method, but I'd rather use a policy.

The thing that spurred this question is in the GraphQL documentation: 

  resolver: {
    Query: {
      restaurant: {
        description: 'Return a single restaurant',
        policies: ['plugins::users-permissions.isAuthenticated', 'isOwner'], // Apply the 'isAuthenticated' policy of the `Users & Permissions` plugin, then the 'isOwner' policy before executing the resolver.
      },

How would such a policy 'isOwner' be implemented?

The best answer I can find is this post in the GitHub issue, but the reason I'm posting this question is the the official documentation is not what this post says and seems to contradict itself with the "policy" that's actually a controller along with the GraphQL documentation alluding to a policy that could exist which aligns with the GitHub post.

Diesel
  • 5,099
  • 7
  • 43
  • 81
  • Strapi is great piece of art but I am thinking the same, this one thing is holding lot of people to not use strapi. this thing should be BUILT in or at-lest they provide some extra plugin for this. – Hardik Satasiya Jul 23 '20 at 06:13
  • Ultimately I switched to keystone js v5 <- i looked in to this as well, @Diesel is `keystone js` stratifying this need for production ? can you share your opinion :) – Hardik Satasiya Jul 23 '20 at 06:14
  • What do you mean by stratifying this need for production? It's doing a good job for me. I think honestly Strapi has taken off and I'm wondering if it's gotten better since I tested it. Keystone has been good, but they are hurting on maintainers I think - from the looks of their GitHub and slack. There are a few things I have to do manually in Keystone such as implementing a rule that two fields together have to be unique. This has to be done at the DB level. – Diesel Jul 23 '20 at 15:29
  • i was just asking your opinion, i also need to start one project so was looking for good headlesss cms. - it was meant "satisfying" sorry typo. means keystone js has this functionalities out of the box ? can i use it for production sites :) – Hardik Satasiya Jul 23 '20 at 16:27
  • 1
    I run a small site off of it but yes! The only problem I've had is they introduce a lot of breaking changes, and Typescript types are not up to date (they are not done officially, but by a nice contributor. – Diesel Jul 23 '20 at 18:35

1 Answers1

0

You can definitely use the policy as explained in the GitHub issue.

This will work correctly and should be a better option if you want to replicate the logic to multiple Content Types.

Should probably rename "policy" by "layer" for the guide.

Jim LAURIE
  • 3,859
  • 1
  • 11
  • 14