// path: src/extensions/users-permissions/strapi-server.js module.exports = plugin => { const sanitizeOutput = (user) => { const { password, resetPasswordToken, confirmationToken, ...sanitizedUser } = user; // be careful, you need to omit other private attributes yourself return sanitizedUser; }; plugin.controllers.user.me = async (ctx) => { if (!ctx.state.user) { return ctx.unauthorized(); } const user = await strapi.entityService.findOne( 'plugin::users-permissions.user', ctx.state.user.id, { populate: ['role','company','division'] } ); ctx.body = sanitizeOutput(user); }; plugin.controllers.user.findOne = async (ctx) => { const user = await strapi.entityService.findOne( 'plugin::users-permissions.user', ctx.params.id, { ...ctx.params ,populate: ['role','company','division'], ...ctx.query, } ); ctx.body = sanitizeOutput(user); }; plugin.controllers.user.find = async (ctx) => { const users = await strapi.entityService.findMany( 'plugin::users-permissions.user', { ...ctx.params, populate: ['role', 'company','division'], ...ctx.query, } ); ctx.body = users.map(user => sanitizeOutput(user)); }; return plugin; };