
strapi - restrict user to delete/destroy only data related to him


I would like to write a few lines to prevent a user from deleting data he does not own. How can I customize the following "destroy" part?

  destroy: async (ctx, next) => {
    return strapi.services.contactnumber.remove(ctx.params);
  }

Thanks in advance and happy easter.


Solution

  • I've done the same for my app; please find my example code below:

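    findOne: async (ctx) => {
        // Load the record first, then compare its owner with the authenticated user.
        var rent = await strapi.services.rent.fetch(ctx.params);
        var user = ctx.state.user;
        // Unknown id: stop here instead of dereferencing null below.
        if (!rent) {
          return ctx.notFound();
        }
        rent = rent.toJSON ? rent.toJSON() : rent;
        // Only the user linked to the tenant may read this record.
        if (user && rent.tenant && user.id === rent.tenant.user) {
          return rent;
        }
        else {
          return ctx.badRequest(null, 'Forbidden');
        }
      },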
    

    Maybe it's not the best implementation, but it's working fine :) The keyword "await" is important, because you need to wait for the full response before verifying it (otherwise "undefined" will be returned).

    I think your code will look like this:

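    destroy: async (ctx, next) => {
      // Fetch the record before deleting so its owner can be checked.
      var contactnumber = await strapi.services.contactnumber.findOne(ctx.params);
      // Unknown id: stop here instead of dereferencing null below.
      if (!contactnumber) {
         return ctx.notFound();
      }
      contactnumber = (contactnumber.toJSON ? contactnumber.toJSON() : contactnumber);
      // Delete only when the authenticated user owns the record.
      if (ctx.state.user && ctx.state.user.id === contactnumber.user) {
         return strapi.services.contactnumber.remove(ctx.params);
      }
      else {
         return ctx.badRequest(null, 'Your error message');
      }
    }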
    

    Thanks,
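
The ownership check from the answer above, pulled into a reusable decision function, as an added example that is not part of the original answer. It goes beyond the answer's case by also covering a missing record, an unauthenticated request and a relation that is populated as an object; `ownerId`, `authorizeOwner`, `rows`, `makeCtx` and the in-memory `strapi` stand-in with stubbed response helpers are assumptions made for the illustration.

```javascript
// Added example: ownerId, authorizeOwner, rows and makeCtx are hypothetical names.

// A relation may hold a raw id or a populated object; normalise both to a string.
function ownerId(ref) {
  if (ref === null || ref === undefined) return null;
  const id = typeof ref === 'object' ? (ref.id !== undefined ? ref.id : ref._id) : ref;
  return id === null || id === undefined ? null : String(id);
}

// Pure decision function: may `user` act on `record`, whose owner is in `ownerField`?
function authorizeOwner(user, record, ownerField) {
  if (!user) return 'unauthenticated';           // public route or missing token
  if (!record) return 'not_found';               // id does not exist
  const plain = record.toJSON ? record.toJSON() : record;
  const owner = ownerId(plain[ownerField]);
  // A record without an owner is never deletable through this path.
  if (owner === null || owner !== ownerId(user)) return 'forbidden';
  return 'ok';
}

// Constructed in-memory stand-in for strapi.services.contactnumber (runs offline).
const rows = new Map([
  ['1', { id: 1, user: 7 }],                     // owner stored as raw id
  ['2', { id: 2, user: { id: 8 } }],             // owner populated as object
  ['3', { id: 3 }],                              // no owner at all
]);
const strapi = { services: { contactnumber: {
  findOne: async (params) => rows.get(String(params.id)) || null,
  remove: async (params) => rows.delete(String(params.id)),
} } };

const controller = {
  destroy: async (ctx) => {
    const record = await strapi.services.contactnumber.findOne(ctx.params);
    switch (authorizeOwner(ctx.state.user, record, 'user')) {
      case 'ok': return strapi.services.contactnumber.remove(ctx.params);
      case 'not_found': return ctx.notFound();
      case 'unauthenticated': return ctx.unauthorized();
      default: return ctx.forbidden();
    }
  },
};

// Constructed ctx whose response helpers just return the HTTP status they would send.
const makeCtx = (user, id) => ({
  params: { id }, state: { user },
  notFound: () => 404, unauthorized: () => 401, forbidden: () => 403,
});
```

Calling `controller.destroy(makeCtx({ id: 7 }, 2))` resolves to 403 and leaves row 2 in place, while the same call with id 1 removes the row.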