Examples cookbook: Custom routes
This page is part of the back end customization examples cookbook. Please ensure you've read its introduction.
💭 Context:
Out of the box, FoodAdvisor does not control access to its content-type endpoints.
Let's say we previously created a policy to restrict access to the "Reviews" content-type to some conditions, for instance to prevent a restaurant's owner to create a review for their restaurants. We must now enable the policy on the route we use to create reviews.
🎯 Goals:
- Explicitly define a routes configuration for the "Reviews" content-type.
- Configure the route used when creating a review to:
- bypass the default Strapi authentication system
- and restrict access depending on the previously defined custom policy.
Additional information can be found in the Policies and Routes documentation.
🧑💻 Code example:
In the /api
folder of the FoodAdvisor project, replace the content of the api/src/api/review/routes/review.js
file with the following code:
'use strict';
const { createCoreRouter } = require('@strapi/strapi').factories;
module.exports = createCoreRouter('api::review.review', {
config: {
create: {
auth: false, // set the route to bypass the normal Strapi authentication system
policies: ['is-owner-review'], // set the route to use a custom policy
middlewares: [],
},
},
});
:::strapi What's next? Learn more about how to configure custom middlewares to perform additional actions that extend your Strapi-based application. :::