findUnique from current user
Hi, I would like to get 1 entry by id, but only if the entry belongs to the current user.
Is that possible with
findUnique or do I have to use find findMany or findFirst?
Example:
6 Replies
I think
findFirst sounds fine, but it is getting worse, when we get to update or delete, because I would have to use deleteMany to put in multiple filter.
you can use delete it only deletes one, is the deposit id unique?
change deleteMany to delete
yes, but if another user gets the id he could delete it.
Is that securety wise ok?
the only way for you to solve that, is to select the deposit by his id, get the userID returned on the response, check if it equal to the user logged in, and if yes delete else no
something like this:
// Get a deposit by id from the current user
getById: protectedProcedure
.input(z.object({ id: z.string() }))
.query(async ({ ctx, input }) => {
const deposit = await ctx.prisma.deposit.findFirst({
where: {
id: input.id,
},
})
if(deposit.userId == ctx.session.user.id){ const deposit = await ctx.prisma.deposit.delete({ where: { id: input.id, }, }); } else{ return ("Not your deposit.") } return ("Deleted")
}
}), note i dont know if its well written is just a sketch
if(deposit.userId == ctx.session.user.id){ const deposit = await ctx.prisma.deposit.delete({ where: { id: input.id, }, }); } else{ return ("Not your deposit.") } return ("Deleted")
}
}), note i dont know if its well written is just a sketch
I will take a look