In this post, we will see how we can create a content type. And, configure user permissions.
This post assumes you have installed strapi. See How to install Strapi backend
- We will create an Article type with following fields,
- Body with rich text
- Only authenticated user will be able to create an article
- Anybody can view the published article
- Enable REST APIs for creating/reading/updating/deleting an article.
Create an Article Content type
Create New Collection Type, and give it a name:
Create two fields:
- title, type: Text
- body, type: Rich Text
Create New Article
Lets try to create a new article.
- Refresh your strapi admin panel
- Click on: “Collection Types” -> Articles
- On top right corner, click on “Add new Article”
- Write title and body.
- Click Save. Do not forgot to click on Publish button.
Setting up Permissions for REST API
As I mentioned above, our two objectives here:
- Anyone should be able to see articles
- Only authenticated users will be able to create one
Configuring Anonymous(Public) user permissions:
- Click on Settings
- Click on Roles (Under Users & Permissions plugin)
- Click on Public, wait for 2-3 seconds. It takes time to load settings
- Click checkbox for count, findone find
- Click save
Configuring Authenticated user permissions:
- Similarly click on “Authenticated” Role
- Click checkbox for count, create, delete, find, findone, update
- Click save
Try on Postman
GET All Articles
Do a GET request for all articles:
GET single article by id
Now, if you try to create by anonymous user, you will get http error: 401
Because we have configured to create article only by authenticated users.
We will see this in next post, how we can create an article by REST API and an authenticated user.
So far, we have only configured that only authenticated users can create/edit/delete the article.
But, we do not want any authenticated user to update or delete any other article.
Lets see next post for configuring this.