Populate only role relation to authorize user

2025-09-25 16:29:34 +00:00 · 2019-11-16 01:05:21 +01:00 · 2019-11-16 01:05:21 +01:00 · cff8fd9041
commit cff8fd9041
parent c603ec3499
1 changed files with 2 additions and 2 deletions
--- a/packages/strapi-plugin-users-permissions/config/policies/permissions.js
+++ b/packages/strapi-plugin-users-permissions/config/policies/permissions.js
@ -16,11 +16,11 @@ module.exports = async (ctx, next) => {
      if (isAdmin) {
        ctx.state.admin = await strapi
          .query('administrator', 'admin')
-          .findOne({ id });
+          .findOne({ id }, ['role']);
      } else {
        ctx.state.user = await strapi
          .query('user', 'users-permissions')
-          .findOne({ id });
+          .findOne({ id }, ['role']);
      }
    } catch (err) {
      return handleErrors(ctx, err, 'unauthorized');