New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sanitize.contentAPI not populating relations #14251
Comments
FYI: I am using an extension to override the controller so that I could enforce the population of fields for
|
Please see this entry in the documentation: https://docs.strapi.io/developer-docs/latest/developer-resources/database-apis-reference/rest/populating-fields.html#relation-media-fields Specifically: Can you please confirm if you have enabled the find permission for the related content-types you are trying to populate? |
@derrickmehaffy That is indeed the culprit. It might be a feature request to allow the population of relations as I might not want to 'open' all the items in a collection to a role, but just the ones that are linked (by means of a relation) to the up-user in this case. Right now, I will have to overwrite the find handler for this. e.g. I have a user with collection item id 1 en 2 linked to it. Assigning the find permissions to the collection means it can also retrieve the item with id 3 by just sending a request to |
It's a use-case we are widely aware of but cannot fix with the current plugin and we are evaluating building a new one but no ETA on that. Basically it resolves around this feature: https://feedback.strapi.io/feature-requests/p/field-level-permissions-end-user-management Since you confirmed it I'll mark this as closed but I'll mention this issue on that FR |
Thanks for the quick reply! Indeed this relates to the up-plugin. In hindsight, this also explains why I cannot |
You can create a route policy or middleware to restrict actual find access but indeed the permission isn't ideal |
This issue has been mentioned on Strapi Community Forum. There might be relevant details there: https://forum.strapi.io/t/strapi-v4-search-by-slug-instead-id/13469/43 |
Bug report
Required System information
Describe the bug
I am trying to populate relations on the user object by calling
api/users?populate=*
. Using the custom extension below:schema
Printing the user object before it is passed to
sanitize.contentAPI.output(...)
shows the object with the relations. After sanitizing the output only thefavoriteSessions
relation is populated and not the other relations like the defaultrole
.Steps to reproduce the behavior
src/extensions/users-permissions/strapi-server.js
(there is no overriding happening in the snippet above).api/users/me
endpointExpected behavior
I am expecting the sanitize function to return the relations on the user object as defined in the schema.
Additional context
There has been issues in the past regarding population see #11957.
The text was updated successfully, but these errors were encountered: