0

I need to restrict editing and deleting options on a list of events to the creators of those events only.

I managed to fetch the currentUser._id when submitting the form and save it on my mongoDB, but I now face the problem of how to compare this to the session.currentUser._id in order to match them and use them in my {{#if}} in handlebars. Does anyone have any input on how to approach this? below is my JS and hbs for reference.

router.get('/events-all', (req, res, next) => {
  res.render('events/events-all');
  });
  
  router.post('/new-event', (req, res, next) => {
      const host = req.session.currentUser._id;
      const { title, location, date, time } = req.body;
      const newEvent = new Event({ title, location, date, time, host });
      newEvent.save()
      .then(() => {
        res.redirect('events-all');
      })
      .catch((error) => {
        console.log('Error while adding event', error);
      });
    });
{{#if (host === currentUser._id) }}
<section class="cards">
  <article class="card-events">
      <h3>{{location}}</h3>
          <picture class="thumbnail">
         <img class="category__01" src="/images/citydefult.jpeg" alt="" />
    </picture>
      <h5>{{title}}</h5>
      <h6>{{date}}</h6>
      <p>Starting time: {{time}}</p>
      <a href="/events/{{id}}/edit">
          <button type="submit" class="btn btn-danger">Edit</button>
      </a> 
        <form method="POST" action="/events/{{id}}/delete">
          <button type="submit" class="btn btn-danger">Delete</button> 
        </form>
  </article>
</section>
{{else}}
<section class="cards">
  <article class="card-events">
      <h3>{{location}}</h3>
          <picture class="thumbnail">
         <img class="category__01" src="/images/citydefult.jpeg" alt="" />
    </picture>
      <h5>{{title}}</h5>
      <h6>{{date}}</h6>
      <p>Starting time: {{time}}</p>
        </form>
  </article>
</section>
{{/if}}
Jacopo
  • 143
  • 1
  • 1
  • 10
  • I think what you're are asking has been asked before: https://stackoverflow.com/q/34252817/3397771 – 76484 Mar 30 '20 at 16:22
  • Hi 76484, my problem here is that the strings I´d be using will be changing from user to user. Meaning I´d need to compare host === req.session.currentUser._id where req.session.currentUser._id changes always. Definitely I´m a little confused here but I do not see how I can use these two paramenters in {{#ifEquals sampleString "This is a string"}} and Handlebars.registerHelper('ifEquals', function(a, b, options) { return (a === b) ? options.fn(this) : options.inverse(this); }); – Jacopo Apr 01 '20 at 09:20
  • Where is the code that renders the above template? – 76484 Apr 01 '20 at 14:28
  • The code above is a partial I´m using to render each card with the event in it, I just 'call' the partial on my /events/events-all with: {{#each events}} {{> eventsCard}} {{/each}} The code above using ifEquals makes a lot of sense, but i just don´t know if it can be adapted to my case, and if so how I should write it. – Jacopo Apr 02 '20 at 15:05
  • I'm not sure that I understand where the problem is. Do you have access to the value of `host` within your partial? – 76484 Apr 02 '20 at 17:34
  • No, that is where i have my block, I don´t know how this can be assigned in JS to check if the two parameters (current.user._id === host). The host is only assigned within the: router.post('/new-event', (req, res, next) => { const host = req.session.currentUser._id; const { title, location, date, time } = req.body; const newEvent = new Event({ title, location, date, time, host }); newEvent.save() .then(() => { res.redirect('events-all'); }) }); So there´s no real global scope for it, nor a (if true / else false) that i can work out. – Jacopo Apr 02 '20 at 22:51
  • Why can't you get the "host" from the session in `/events-all` the same way that you are doing it in `/new-event` and pass it to your template to do the comparison against the `host` property on each Event? – 76484 Apr 02 '20 at 23:05
  • That could work! I didn’t think about looking at it that way... I will give that a good shot tomorrow morning, it’s 1AM now here so I better get some rest I guess thanks a lot for your time here! It’s highly appreciated! – Jacopo Apr 02 '20 at 23:14

0 Answers0