Why is it when I see examples of using `update` wi...
# orm-helpa
Awey
12/31/2021, 11:20 PMWhy is it when I see examples of using
update Copy code
prisma.post.update({
where: { id: postId },
data: { ...data }
})Awey
12/31/2021, 11:24 PMWould you have to find the resource first.
Copy code
const post = prisma.post.findUnique({
where: { id: postId }
})
if (post.authorId !== userId) throw Error() // userId being currently logged in user
prisma.post.update({
where: { id: postId },
data: { ...data }
})m
Maciek K
12/31/2021, 11:33 PMHow you handle that is up to you. That check is fine for your use case. Are you using graphql by any chance? Remember that this is another db query. Sometimes you can just store a jwt in http oonly cookie with userId and check against that. Best if that jwt is being refreshed regularly.
a
Awey
12/31/2021, 11:34 PMI'm not using graphql. I have the user datat stored in a jwt already. I'm just wondering on the backend, I need to check if the post belongs to the user making the request right?
Awey
12/31/2021, 11:35 PMI was testing this with postman, I logged in as a user and I was able to update a post without being the owner of it
m
Maciek K
12/31/2021, 11:46 PMYes in that case, that's how you would do it. Your example is correct. You could probably make this in one query for updateMany.
.updateunique Copy code
prisma.post.updateMany({
where: { id: postId, authorId: userId },
data: { ...data }
})Maciek K
12/31/2021, 11:52 PMBut usually that check of yours is the correct way, yes.
r
Robert Fish
01/01/2022, 1:18 AMThis sort of thing sort of falls out of scope of an orm, how you handle that logic is up to you
a
Awey
01/01/2022, 1:53 AM@Maciek K oh yeah that seems to work. It just returns a count of how many resources were updated
Awey
01/01/2022, 1:54 AMit only accepts the
wheredataupdateManyAwey
01/01/2022, 1:54 AMI'll just stick to what I had before
Awey
01/01/2022, 1:54 AM@Robert Fish that's true, I was just trying to figure out what the best practice was