# orm-help
p
Hi! Is there a correct way to validate that the user has permissions to modify an entry? I have an app that has a products CRUD. Each product belongs only to one user. Which will be the correct way to validate that the product that will be modified belongs to the user? I'm currently fetching the product, validating the user is correct, and then updating the product. But can this be done in the same update mutation? Something like this?
r
I think the problem is `update` can only run on a unique field, `updateMany` should work with what you have..
hi @Pedro Bonamin - you could also write what you have as:
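prisma.product.updateMany({
  where: {
    userId: userId,   // only rows owned by this user match
    id: req.query.id
  },
  data: input // required by updateMany; `input` is a placeholder for the fields to change
});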
there's an implicit `AND` between those ..
p
Gotcha! Makes sense! Thanks
It's bad that we can't do it by just using the update, which makes more sense for the type of action
y
You can always check it beforehand if the update semantic is important or more ergonomic
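// Ownership check: null unless the product exists and belongs to userId
let product = await prisma.product.findFirst({ where: { userId, id } })
if (!product) throw new NotFoundError()

// Only reached when the ownership check passed
product = await prisma.product.update({ where: { id }, data: input })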