STARTING WITH AUTHENTICATION
HERE, WHEN A USER LOGS IN TO HIS ACCOUNT, THE USER IS ABLE TO EDIT AND DELETE THE LISTINGS CREATED BY OTHER OWNERS. IN ORDER TO STOP THIS, WE ADD AUTHENTICATION.
IN SHOW.EJS WE APPLY A CONDITION SO THAT ONLY THE RESPECTIVE OWNER OF THE LISTING IS ABLE TO EDIT AND DELETE THE LISTING.
<% if (currUser && currUser._id.equals(listing.owner._id)) { %>
<div class="btns">
  <form method="get" action="/listings/<%= listing._id %>/edit">
    <button class="btn btn-dark offset-2 edit-btn">EDIT</button>
  </form>
  <br /><br />
  <form method="post" action="/listings/<%= listing._id %>?_method=delete">
    <button class="btn btn-dark offset-2 dlt-btn">DELETE</button>
  </form>
</div>
<% } %>
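
THE CONDITION IN SHOW.EJS ONLY HIDES THE BUTTONS; THE EDIT AND DELETE ROUTES STILL HAVE TO REJECT REQUESTS FROM NON-OWNERS ON THE SERVER. THE FOLLOWING IS AN ADDED EXAMPLE, NOT CODE FROM THE ORIGINAL POST, OF THE SAME OWNER CHECK AS EXPRESS-STYLE MIDDLEWARE. THE NAMES isListingOwner, requireOwner AND findListing, THE USE OF req.user FOR THE LOGGED-IN USER, AND THE SAMPLE DATA ARE ASSUMPTIONS.

```javascript
// Added example: enforce listing ownership on the server, not only in show.ejs.
// isListingOwner, requireOwner and findListing are hypothetical names.

// Pure decision: true only when a logged-in user owns the listing.
// Works whether listing.owner is populated ({ _id: ... }) or a bare id.
function isListingOwner(currUser, listing) {
  if (!currUser || !currUser._id || !listing || !listing.owner) return false;
  const ownerId = listing.owner._id ?? listing.owner;
  return String(ownerId) === String(currUser._id);
}

// Express-style middleware factory. findListing(id) is injected so the
// example runs without a database; in the app it would be a model lookup.
// Assumption: req.user holds the logged-in user (currUser in the template).
function requireOwner(findListing) {
  return async function (req, res, next) {
    try {
      if (!req.user) return res.status(401).send("Log in first");
      const listing = await findListing(req.params.id);
      if (!listing) return res.status(404).send("Listing not found");
      if (!isListingOwner(req.user, listing)) {
        return res.status(403).send("You do not own this listing");
      }
      res.locals.listing = listing; // reuse in the route handler
      return next();
    } catch (err) {
      return next(err);
    }
  };
}

// Constructed sample data and a minimal fake response object for a dry run.
const LISTINGS = { l1: { _id: "l1", owner: { _id: "u1" } } };
const findListing = async (id) => LISTINGS[id] || null;

async function simulate(user, id) {
  const res = { locals: {}, code: 200,
    status(c) { this.code = c; return this; }, send() { return this; } };
  let passed = false;
  const req = { user, params: { id } };
  await requireOwner(findListing)(req, res, () => { passed = true; });
  return { code: res.code, passed };
}

// Usage in the app (assumed route shape, matching the form actions above):
// app.delete("/listings/:id", requireOwner(findListing), deleteListing);
```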


