From ff466efb618062551bc465171d91f46e88221653 Mon Sep 17 00:00:00 2001 From: Jim LAURIE Date: Wed, 19 Feb 2020 17:08:16 +0100 Subject: [PATCH 1/3] docs(guide): add guide for isOwner policy Signed-off-by: Jim LAURIE --- docs/.vuepress/config.js | 1 + docs/3.0.0-beta.x/guides/is-owner.md | 128 +++++++++++++++++++++++++++ 2 files changed, 129 insertions(+) create mode 100644 docs/3.0.0-beta.x/guides/is-owner.md diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js index e921c2ca85..fb746ff47e 100644 --- a/docs/.vuepress/config.js +++ b/docs/.vuepress/config.js @@ -205,6 +205,7 @@ module.exports = { '/3.0.0-beta.x/guides/custom-data-response', '/3.0.0-beta.x/guides/custom-admin', '/3.0.0-beta.x/guides/client', + '/3.0.0-beta.x/guides/is-owner', '/3.0.0-beta.x/guides/draft', '/3.0.0-beta.x/guides/scheduled-publication', '/3.0.0-beta.x/guides/slug', diff --git a/docs/3.0.0-beta.x/guides/is-owner.md b/docs/3.0.0-beta.x/guides/is-owner.md new file mode 100644 index 0000000000..06cfd8060a --- /dev/null +++ b/docs/3.0.0-beta.x/guides/is-owner.md @@ -0,0 +1,128 @@ +# Create is owner policy + +This guide will explain how to create an update restriction for the entry's author only. + +## Introduction + +In many cases you would like that only the author of an entry has the ability to update or delete it's own entries. + +This is a feature that is requested many times and in this guide you will see how implement it by yourself. + +## Example + +For this example, we will need an Article Content Type. + +Add a `text` field and a `relation` field for this Content Type. + +The `relation` field is a **many-to-one** relation with User.
+One User can have many Articles and one Article can have only one User.
+Name the field `author` for the Article Content Type and `articles` on the User side. + +Now we are ready to start customization. + +## Apply the author by default + +When we are creating a new Article via `POST /articles` we would like to apply the authenticated user that execute the request as author of this article. + +To do that we will customize the `create` controller function of the Article API. + +**Concepts we will use:** +Here is the code of [core controllers](../concepts/controllers.html#core-controllers). +We will also use this [documentation](../plugins/users-permissions.html#user-object-in-strapi-context) to access the current authenticated user information. + +**Path —** `./api/article/controllers/Article.js` + +```js +const { parseMultipartData, sanitizeEntity } = require('strapi-utils'); + +module.exports = { + /** + * Create a record. + * + * @return {Object} + */ + + async create(ctx) { + let entity; + if (ctx.is('multipart')) { + const { data, files } = parseMultipartData(ctx); + data.author = ctx.state.user.id; + entity = await strapi.services.article.create(data, { files }); + } else { + ctx.request.body.author = ctx.state.user.id; + entity = await strapi.services.article.create(ctx.request.body); + } + return sanitizeEntity(entity, { model: strapi.models.article }); + }, +}; +``` + +Now, when an article is created, the authenticated user is automaticaly set as author of the article. + +## Limit the update + +Now we will restrict the update of articles only for the author. + +We will use the same concepts as previously. + +**Path —** `./api/article/controllers/Article.js` + +```js +const { parseMultipartData, sanitizeEntity } = require('strapi-utils'); + +module.exports = { + /** + * Create a record. 
+ * + * @return {Object} + */ + + async create(ctx) { + let entity; + if (ctx.is('multipart')) { + const { data, files } = parseMultipartData(ctx); + data.author = ctx.state.user.id; + entity = await strapi.services.article.create(data, { files }); + } else { + ctx.request.body.author = ctx.state.user.id; + entity = await strapi.services.article.create(ctx.request.body); + } + return sanitizeEntity(entity, { model: strapi.models.article }); + }, + + /** + * Update a record. + * + * @return {Object} + */ + + async update(ctx) { + let entity; + + const [article] = await strapi.services.article.find({ + id: ctx.params.id, + 'author.id': ctx.state.user.id, + }); + + if (!article) { + return ctx.unauthorized(`You can't update this entry`); + } + + if (ctx.is('multipart')) { + const { data, files } = parseMultipartData(ctx); + entity = await strapi.services.article.update(ctx.params, data, { + files, + }); + } else { + entity = await strapi.services.article.update( + ctx.params, + ctx.request.body + ); + } + + return sanitizeEntity(entity, { model: strapi.models.article }); + }, +}; +``` + +And tada! From 25e77a9bd1939e218a4237aa2f7a3af3b59a0965 Mon Sep 17 00:00:00 2001 From: Jim LAURIE Date: Thu, 20 Feb 2020 16:23:07 +0100 Subject: [PATCH 2/3] docs: add tip is owner delete Signed-off-by: Jim LAURIE --- docs/3.0.0-beta.x/guides/is-owner.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/3.0.0-beta.x/guides/is-owner.md b/docs/3.0.0-beta.x/guides/is-owner.md index 06cfd8060a..2e03bf80a4 100644 --- a/docs/3.0.0-beta.x/guides/is-owner.md +++ b/docs/3.0.0-beta.x/guides/is-owner.md @@ -126,3 +126,7 @@ module.exports = { ``` And tada! + +::: tip +For the delete action, it will be the exact same check than the update action. +::: From f6de4c8213ef6d8b1bc21226d3457e2afa3a716b Mon Sep 17 00:00:00 2001 From: Jim LAURIE Date: Thu, 20 Feb 2020 19:06:40 +0100 Subject: [PATCH 3/3] docs: update is owner pr feedback 
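Review bot: The `update` controller in the second code block of is-owner.md checks ownership before the write, but then passes the payload (`data` in the multipart branch, `ctx.request.body` otherwise) to `strapi.services.article.update` unmodified, so the owner can send an `author` field and reassign the entry to another user, after which the `'author.id'` filter no longer protects it. The `create` handler already overrides `author`; `update` should strip it the same way, e.g. `delete data.author;` in the multipart branch and `delete ctx.request.body.author;` in the other, before calling the service. Both handlers also read `ctx.state.user.id` with no check that a user is present, so if the route is ever granted to the unauthenticated role the request fails with an uncaught TypeError instead of a clean rejection; a short sentence in the guide stating that these routes must stay restricted to authenticated roles, or a guard like `if (!ctx.state.user) return ctx.unauthorized('Authentication required');`, would close that gap. The same `author` override applies to the delete handler that the later tip describes as "the exact same check".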
Signed-off-by: Jim LAURIE --- docs/3.0.0-beta.x/guides/is-owner.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/3.0.0-beta.x/guides/is-owner.md b/docs/3.0.0-beta.x/guides/is-owner.md index 2e03bf80a4..5bd136e576 100644 --- a/docs/3.0.0-beta.x/guides/is-owner.md +++ b/docs/3.0.0-beta.x/guides/is-owner.md @@ -1,12 +1,12 @@ # Create is owner policy -This guide will explain how to create an update restriction for the entry's author only. +This guide will explain how to restrict content edition to content authors only. ## Introduction -In many cases you would like that only the author of an entry has the ability to update or delete it's own entries. +It is often required that the author of an entry is the only user allowed to edit or delete the entry. -This is a feature that is requested many times and in this guide you will see how implement it by yourself. +This is a feature that is requested a lot and in this guide we will see how to implement it. ## Example @@ -22,9 +22,9 @@ Now we are ready to start customization. ## Apply the author by default -When we are creating a new Article via `POST /articles` we would like to apply the authenticated user that execute the request as author of this article. +When we are creating a new Article via `POST /articles` we will need to set the authenticated user as the author of the article. -To do that we will customize the `create` controller function of the Article API. +To do so we will customize the `create` controller function of the Article API. **Concepts we will use:** Here is the code of [core controllers](../concepts/controllers.html#core-controllers).