Update Strapi User

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aliquam sit amet maximus augue, ac scelerisque tellus. Curabitur sem ipsum, egestas eu orci eu, mattis pretium libero. Curabitur luctus, velit quis sagittis imperdiet, lectus diam euismod turpis, sit amet lacinia nibh magna quis orci. Etiam malesuada, massa at gravida tempor, erat ligula feugiat elit, ut ultricies enim erat sit amet metus. Pellentesque malesuada massa libero, in eleifend magna cursus eu. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Etiam in tristique sem. Vivamus auctor dapibus finibus. Nunc commodo augue at lacus suscipit ultrices. Cras dictum eget turpis condimentum iaculis. Vivamus placerat laoreet hendrerit. Vestibulum mattis ullamcorper mi, quis tempus dui mattis nec.

~/src/extensions/users-permissions/strapi-server.ts
export default (plugin) => {
  plugin.policies["is-owner"] = (ctx) => {
    if (ctx.state.user.id == ctx.params.id) {
      return true;
    }
    return false;
  };
  plugin.controllers.user.updateAvatar = async (ctx) => {
    // get id of current avatar
    let currentAvatarId: number;
    if (ctx.state.user.avatar) {
      currentAvatarId = ctx.state.user.avatar.id;
    }
    // upload new avatar
    await strapi.plugins.upload.controllers["content-api"].upload(ctx);
    // if there was an avatar before, delete the old one.
    if (currentAvatarId) {
      await strapi.entityService
        .delete("plugin::upload.file", currentAvatarId)
        .then((ctx.response.status = 200));
    }
  };
  plugin.controllers.user.deleteAvatar = async (ctx) => {
    if (!ctx.state.user.avatar) {
      return (ctx.response.status = 404);
    }
    await strapi.entityService
      .delete("plugin::upload.file", ctx.state.user.avatar.id)
      .then((ctx.response.status = 200));
  };
  // add isOwner policy to update user route
  for (let i = 0; i < plugin.routes["content-api"].routes.length; i += 1) {
    const routes = plugin.routes["content-api"].routes;
    const route = routes[i];
    if (
      route.method === "PUT" &&
      route.path === "/users/:id" &&
      route.handler === "user.update"
    ) {
      routes[i] = {
        ...route,
        config: {
          ...route.config,
          policies: ["is-owner"],
        },
      };
    }
  }
  plugin.routes["content-api"].routes.push({
    method: "POST",
    path: "/users/:id/avatar",
    handler: "user.updateAvatar",
    config: {
      policies: ["is-owner"],
    },
  });
  plugin.routes["content-api"].routes.push({
    method: "DELETE",
    path: "/users/:id/avatar",
    handler: "user.deleteAvatar",
    config: {
      policies: ["is-owner"],
    },
  });
  return plugin;
};

© 2023 christianburkh.art