node.js - NodeJs, Mongoose: what's the best way to check auth before update? -

-

i want check if logged-in user(req.user) same person made post(post.author, it's objectid refering user) before update data. restrict route update form i'm double checking in case.

this code working, want know if there simpler or better way this.

app.put('/posts/:id', isloggedin, function(req,res){   post.findbyid(req.params.id, function (err,post) {     if(!req.user._id.equals(post.author)) return res.json({success:false, message:"unauthrized attempt"});     post.findbyidandupdate(req.params.id, req.body.post, function (err,post) {       res.redirect('/posts/'+req.params.id);     });   }); });

i found better way.

app.put('/posts/:id', isloggedin, function(req,res){   post.findoneandupdate({_id:req.params.id,author:req.user._id}, req.body.post, function (err,post) {     res.redirect('/posts/'+req.params.id);   }); });

Comments

Post a Comment

Popular posts from this blog

android - Why am I getting the message 'Youractivity.java is not an activity subclass or alias' -

-
Image
i created own android project , cut , pasted code exercise: http://androidexample.com/show_phone_contacts_in_autocomplete_suggestions_-_android_example%20/index.php?view=article_discription&aid=106&aaid=128# when build project no errors or warnings. when run project window error: annoyingly, can't make window smaller, can't click of buttons. cick 'x' @ top, close it. here's project structure: where getting 'autocompletemain' from? (note small c) class named autocompletemain. help. and have activity included in android manifest, in case you're wondering: <?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.androidexample.autocompleteedittext" android:versioncode="1" android:versionname="1.0" > <uses-permission android:name="android.permission.read_phone_state...
Read more

Making Empty C++ Project: General exception (Exception from HRESULT:0x80131500) Visual Studio Community 2015 -

-
i'm trying make new c++ empty project in visual studio community 2015. however, hit okay, tells me 1 or more errors have occured, , general exception (exception hresult:0x80131500). i've been trying online other results, none have helped far , wondering if here knew how fix it. i've tried re installing , tried windows ultimate 2013 , i'd still unable make empty project. in case stopped working when i've tried switch solution "debug" "release" configuration. after vs started fail load projects or create new ones message have mentioned (exception hresult:0x80131500). what did trying create new c# project on have got more clear , useful message, saying vs 2015 can not open following file: c\programfiles(x86)\msbuild\14.0\bin\microsoft.common.currentversion.targets when have checked file have found corrupted in weird way - size of file same original 80% of file garbage. after have downloaded original file microsoft reference so...
Read more

How to fix java warning for "The value of the local variable is not used " -

-
how avoid java warning says the value of local variable not used for variable declared private ? you have multiple choices: remove field. unused, shouldn't there. comment out field, e.g. using // todo temporary hiding of warning until write code using field. suppress warning using @suppresswarnings("unused") . disable warning in ide settings. eclipse, in window > preferences java > compiler > error/warnings unnecessary code > unused private member select option ignore for #3 , #4, though, although can, why want to?
Read more