I have a website where my customers can order. The customer receives a JWT token after logging in. If he wants to check his past orders, all orders are returned here; I have to do ten hundred filtering and it is not safe. Can I send a JWT token to order find instead and get only the data belonging to that JWT token?
ex: // The user logs in.
JWT token arrives.
The user wants to see the previous orders.
It goes into my old orders.
A request is made to the order parameter.
response :
[ { "id": , "status":, "total": , "checkout_session": "", "sozlesme":, "date": "", "name": "", "surname": "", "company": "", "adress": "", "town": "", "state": "", "postcode": "", "country": "", "pnumber": "", "email": "", "payment_type": "", "created_at": "", "updated_at": "", "product": , "users_permissions_user":, "user": }, {"id": , "status":, "total": , "checkout_session": "", "sozlesme":, "date": "", "name": "", "surname": "", "company": "", "adress": "", "town": "", "state": "", "postcode": "", "country": "", "pnumber": "", "email": "", "payment_type": "", "created_at": "", "updated_at": "", "user": "product": {} }, "users_permissions_user":, "user": {} } ]
It is coming in orders that do not belong to the users given so far.
I want to make JWT tokens when sending requests to orders.
Whichever user the JWT token matches, only the one that belongs to it should transform.
In the Post Order request you will have to pass
user: id
of the User such that the order is linked to the user. In the Get Order Request
http://localhost:1337/order?user=id
Otherwise, you can add an isOwner policy to the get method in the route.json file. Refer to https://strapi.io/documentation/developer-docs/latest/guides/is-owner.html
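An added example, not part of the original thread and not Strapi's own code: it contrasts filtering on the client-supplied `?user=id` with filtering on the user taken from the verified JWT, which is what an owner check enforces. It assumes the auth layer has already verified the token and placed the user in `ctx.state.user`; `findOrders` is a hypothetical in-memory stand-in for the order service, and the rows are constructed sample data.

```javascript
// Constructed sample rows; "user" is the relation field that links an order to its owner.
const ORDERS = [
  { id: 1, total: 40, user: 7 },
  { id: 2, total: 15, user: 9 },
  { id: 3, total: 99, user: 7 },
];

// Hypothetical stand-in for the order service: every param is an equality filter (AND).
function findOrders(params) {
  return ORDERS.filter((order) =>
    Object.entries(params).every(([key, value]) => String(order[key]) === String(value))
  );
}

// Weak: the owner id comes from the query string, so any logged-in
// customer can read another customer's orders by changing ?user=.
function findTrustingQuery(ctx) {
  return { status: 200, body: findOrders(ctx.query || {}) };
}

// Hardened: the owner id comes only from the verified token (assumed in ctx.state.user).
function findOwn(ctx) {
  const me = ctx.state && ctx.state.user;
  if (!me) return { status: 401, body: [] };
  // Spread the client filters first, then overwrite "user" so it cannot be chosen by the caller.
  return { status: 200, body: findOrders({ ...(ctx.query || {}), user: me.id }) };
}

// Constructed request: customer 7 is authenticated but asks for customer 9's orders.
const demoCtx = { state: { user: { id: 7 } }, query: { user: '9' } };
console.log('trusting query:', findTrustingQuery(demoCtx).body.map((o) => o.id));
console.log('owner scoped  :', findOwn(demoCtx).body.map((o) => o.id));
```

The same rule applies to single-order routes: look the order up by both its id and the token's user id, and treat "not found" as the answer when the owner does not match.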