New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth middleware usage #113
Comments
I didn't use the whole template, but the jwt should be in the request object. So you should be able to extract the id from that jwt and then check if the user that is updating is the same user that he has in his jwt. |
@am2222 this feature is already supported if the user is trying to fetch/update/delete its own profile. Check here:
|
Hi, @hagopj13 I'm just wondering what you would recommend if I want users can only modify/delete its own posts, where posts are objects stored in another document and has a property called Thanks. |
Hello,
I checked this middleware and it seems straightfoward. However I wanted to see how we can achieve the following authentication structure:
lets say we have this route:
router.patch('/users', auth('manageUsers'), userController.updateUser);
How we can only make a user use it if they are only updating their own profile? If we set this rule clearly users who have access to
manageUsers
can update eachother's profiles. But we want a user only be able to update their own profile. Maybe we should use validations?The text was updated successfully, but these errors were encountered: