g0053, 10mo ago

I am currently going through a tutorial and have a question

I am going through this tutorial: https://www.youtube.com/watch?v=s5YM1kH1ht8&t=6986s I am liking the way Convex works. The only thing I can't seem to figure out is how you would stop one user from editing another user's data. In the Convex files they are just checking the user is authenticated. I also checked the Convex docs with the integration of Clerk and it all looks the same. But I tested it and different users can edit each other's data. How would I go about implementing it so that only the creating user could edit the data?
Michal Srb, 10mo ago
A simple way is to check that the authenticated user is the one that "owns" the mutated document. This all depends on your app, but for example:
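```ts
import { v } from "convex/values";
import { mutation } from "./_generated/server";

export const deleteSomething = mutation({
  args: { id: v.id("somethings") },
  handler: async (ctx, { id }) => {
    // getCurrentUser is an app-defined helper that uses `ctx.auth.getUserIdentity()`
    const user = await getCurrentUser(ctx);
    // ctx.db.get returns a Promise, so it must be awaited; it resolves to null for a missing id
    const something = await ctx.db.get(id);
    if (user === null || something === null || user._id !== something.ownerId) {
      throw new Error("Unauthenticated");
    }
    // Only reached when the caller owns the document
    await ctx.db.delete(id);
  },
});
```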
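An added example (not from the thread or the tutorial's repository) that applies the same ownership check to an edit rather than a delete, next to the authentication-only version the question describes. The in-memory `gigs` map, the `User` and `Gig` types and every function name are hypothetical stand-ins for a Convex table, `getCurrentUser(ctx)` and `await ctx.db.get(id)`, so it runs without a Convex deployment:

```typescript
// Constructed stand-ins: in a Convex handler `user` comes from getCurrentUser(ctx)
// and the document from `await ctx.db.get(id)`. All names here are hypothetical.
type User = { _id: string };
type Gig = { _id: string; ownerId: string; title: string };
const seed = (): Gig => ({ _id: "gig1", ownerId: "userA", title: "Logo design" });
const gigs = new Map<string, Gig>([["gig1", seed()]]);

// Authentication only: any signed-in user can edit any document.
function updateTitleAuthOnly(user: User | null, id: string, title: string): void {
  if (user === null) throw new Error("Unauthenticated");
  const gig = gigs.get(id);
  if (!gig) throw new Error("Not found");
  gigs.set(id, { ...gig, title });
}

// Ownership check: compare the stored ownerId with the server-side identity.
function requireOwned(user: User | null, id: string): Gig {
  if (user === null) throw new Error("Unauthenticated");
  const gig = gigs.get(id);
  // One error for "missing" and "not yours", so callers cannot probe which ids exist.
  if (!gig || gig.ownerId !== user._id) throw new Error("Not found");
  return gig;
}

function updateTitleOwned(user: User | null, id: string, title: string): void {
  const gig = requireOwned(user, id);
  // Write only the editable field; ownerId is never taken from client arguments.
  gigs.set(id, { ...gig, title });
}

// True when the call throws.
function rejected(fn: () => void): boolean {
  try { fn(); return false; } catch (_e) { return true; }
}

function demo() {
  const a: User = { _id: "userA" };
  const b: User = { _id: "userB" };
  const authOnlyAllowsOtherUser = !rejected(() => updateTitleAuthOnly(b, "gig1", "edited by B"));
  gigs.set("gig1", seed()); // restore the constructed record
  const ownerCheckBlocksOtherUser = rejected(() => updateTitleOwned(b, "gig1", "edited by B"));
  const titleAfterBlockedEdit = gigs.get("gig1")!.title;
  const ownerCanEdit = !rejected(() => updateTitleOwned(a, "gig1", "Logo design v2"));
  return { authOnlyAllowsOtherUser, ownerCheckBlocksOtherUser, titleAfterBlockedEdit,
           ownerCanEdit, finalTitle: gigs.get("gig1")!.title };
}

console.log(demo());
```

Every mutation and query that takes a document id needs the same check, since the client can call any exported function with any id.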
