api.pawol.nu/src/api/commentaire/controllers/commentaire.js

'use strict';

const { createCoreController } = require('@strapi/strapi').factories;
const { ApplicationError, NotFoundError, UnauthorizedError } = require("@strapi/utils").errors

module.exports = createCoreController('api::commentaire.commentaire', ({strapi}) => ({
  async create(ctx) {
    const {body} = ctx.request
    let {data} = body

    if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
      try {
        const {id} = await strapi.plugins[
          'users-permissions'
        ].services.jwt.getToken(ctx)

        if (id !== data.user.id) {
          throw new UnauthorizedError('Opération non autorisée')
        }
      } catch (err) {
        throw new UnauthorizedError(ctx, err, 'Opération non autorisée')
      }
    }
    const user = await strapi.documents('plugin::users-permissions.user').findOne({
      documentId: "__TODO__"
    })

    if (!user) {
      throw new NotFoundError('Utilisateur introuvable.')
    }

    if (user.id !== data.user.id || user.username !== data.user.username || user.email !== data.user.email) {
      throw new ApplicationError('Informations non valides.')
    }

    data.user = user.id

    const parole = await strapi.documents('api::parole.parole').findOne({
      documentId: "__TODO__",
      fields: ['id']
    })

    if (!parole) {
      throw new NotFoundError('Texte introuvable.')
    }

    const newCommentaire = await strapi.documents('api::commentaire.commentaire').create({
      data: {
        ...data
      }
    })

    await strapi.documents('api::parole.parole').update({
      documentId: "__TODO__",

      data: {
        commentaires: [newCommentaire.id]
      }
    })

    return newCommentaire;
  }
}))