@Convly Convly commented Jun 15, 2021

What does it do?

Fix an issue where setting permissions with conditions on the assets for the upload plugin can break the permissions checks.
In a previous PR, the auto-populate for the fetch has been removed, which caused the created_by attribute to be raw instead of populated, hence causing an issue when fetching the associated role.

As a fix, we simply use the raw identifier (from the created_by field) instead of trying to access the id property inside.

Another idea would've been to fetch directly the whole user based on the created_by id, but it would mean fetching also unwanted properties for the user, such as password & co.

Why is it needed?

Upload plugin's assets permissions are not working as they should.

How to test it?

See: #10452 ("Steps to reproduce this issue")

Related issue(s)/PR(s)

introduced by #10370
fix #10452

Convly added the "issue: bug" and "source: core:upload" labels Jun 15, 2021
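
The failure mode described in the pull request description above, as an added example that is not Strapi's code and not part of this thread: when `created_by` holds a raw id, reading `.id` from it yields `undefined`, the creator's roles resolve to nothing, and in this model a role-based condition fails for a user who should pass. All names (`findRoleIds`, `sharesRoleWithCreator`, the sample users and asset) are hypothetical and constructed for illustration.

```javascript
// Added illustration; every name and value here is hypothetical and constructed.
const users = new Map([
  [1, { id: 1, email: 'creator@example.test', password: '<hash>', roles: [{ id: 2 }] }],
  [2, { id: 2, email: 'other@example.test', password: '<hash>', roles: [{ id: 3 }] }],
]);

// Resolve only the role ids for a user id, so password and other
// user fields never leave the lookup.
function findRoleIds(userId) {
  const user = users.get(userId);
  return user ? user.roles.map((role) => role.id) : [];
}

// "Before": written for a populated created_by ({ id, ... }).
// With a raw id, (1).id is undefined and no roles are found.
function creatorRolesBefore(asset) {
  return findRoleIds(asset.created_by && asset.created_by.id);
}

// "After": treat created_by as the raw identifier.
function creatorRolesAfter(asset) {
  return findRoleIds(asset.created_by);
}

// Condition: the current user shares at least one role with the asset's creator.
function sharesRoleWithCreator(currentUser, asset, resolveCreatorRoles) {
  const creatorRoles = resolveCreatorRoles(asset);
  return currentUser.roles.some((role) => creatorRoles.includes(role.id));
}

const rawAsset = { id: 10, name: 'logo.png', created_by: 1 }; // not populated
const sameRoleUser = { id: 3, roles: [{ id: 2 }] };
const otherRoleUser = { id: 4, roles: [{ id: 3 }] };

console.log(sharesRoleWithCreator(sameRoleUser, rawAsset, creatorRolesBefore));
console.log(sharesRoleWithCreator(sameRoleUser, rawAsset, creatorRolesAfter));
console.log(sharesRoleWithCreator(otherRoleUser, rawAsset, creatorRolesAfter));
```

A regression test for this kind of change should cover both shapes of `created_by` (raw id and populated object) and assert the allow and deny outcomes separately.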
codecov bot commented Jun 15, 2021

Codecov Report

Merging #10484 (24cf3a5) into master (0ab3503) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master   #10484   +/-   ##
=======================================
  Coverage   58.06%   58.06%           
=======================================
  Files         185      185           
  Lines        6434     6434           
  Branches     1399     1399           
=======================================
  Hits         3736     3736           
  Misses       2235     2235           
  Partials      463      463           
Flag Coverage Δ
front ∅ <ø> (∅)
unit 58.06% <ø> (ø)

Flags with carried forward coverage won't be shown.

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0ab3503...24cf3a5.

@Convly Convly requested a review from alexandrebodin June 17, 2021 07:47
@strapi-bot
This pull request has been mentioned on Strapi Community Forum. There might be relevant details there:

https://forum.strapi.io/t/roles-and-permissions/4947/3

Successfully merging this pull request may close these issues.

Default RBAC policies for Upload plugin not functioning properly