node.js - NodeJs, Mongoose: what's the best way to check auth before update? -

-

i want check if logged-in user(req.user) same person made post(post.author, it's objectid refering user) before update data. restrict route update form i'm double checking in case.

this code working, want know if there simpler or better way this.

app.put('/posts/:id', isloggedin, function(req,res){   post.findbyid(req.params.id, function (err,post) {     if(!req.user._id.equals(post.author)) return res.json({success:false, message:"unauthrized attempt"});     post.findbyidandupdate(req.params.id, req.body.post, function (err,post) {       res.redirect('/posts/'+req.params.id);     });   }); });

i found better way.

app.put('/posts/:id', isloggedin, function(req,res){   post.findoneandupdate({_id:req.params.id,author:req.user._id}, req.body.post, function (err,post) {     res.redirect('/posts/'+req.params.id);   }); });

Comments

Post a Comment

Popular posts from this blog

Google sheets equipment borrowing system -

-
i working on google sheets system shows has item. have never worked google apps script before, want check value of c2, make sheet copy of data (d2, e2, g2) here (it trying copy 2nd column) , move here (in different sheet same document) next corresponding name on each particular section i think want rotate data columns becomes rows, , rows become columns, right? what need [transpose][1] function. for example, in a2, if put =transpose('sheet 2'!c1:1) , google sheets automatically fill column values of first row of 'sheet 2', starting @ c1 position. updated answer: here working example here steps: get filtered list of timestamp matched equipment sort list it's reverse order get first item sorted list ("last date") get position of "last date" in timestamp list get item in action list @ same position "last date" if item "check out" it's not available. note: might want store result of index() ...
Read more

Meteor Users collection vs additional collection -

-
Image
i'n trying figure out, what's best practice building collections associated user's data.(in terms of reactive, queries speed, or other.) example, what's better? meteor.users.profile: {friends, likes, previous orders, locations, favorites, etc"}. or create additional collection keep data, example: meteor.userinfo.user{friends, locations, previous orders, etc"). thanks. meteor share | improve question asked jan 21 '16 @ 8:33 avi a 93 1 8 closed broad paul stenne , tushar , mogsdad , paul roub , jal jan 28 '16 @ 23:06 please edit question limit specific problem enough detail identify adequate answer. avoid asking multiple distinct questions ...
Read more

javascript - Filter Radio Elements -

-
i have jquery variable of array of radio elements. want further select specific element based on value. below idea of have i'm still not sure how accomplish this. var gender = 1; var radiobuttons = $('[name=\'gender\']'); //should contain 2 radio elements radiobuttons.find('[value=\'' + gender + '\']').prop('checked', true); html <label>female<input type="radio" name="gender" value="0"></label> <label>male<input type="radio" name="gender" value="1"></label> the .find() method attempt select descendant elements. since input element self-closed , doesn't contain descendant elements, nothing selected. it seems want .filter() method instead: var gender = 1; var radiobuttons = $("[name='gender']"); radiobuttons.filter(function () { return this.value === gender.tostring(); }).prop('checke...
Read more