问题
Coding a news website,I'm trying to make authorization so that only the author (who posted the article) is able to edit and delete it (these buttons appear at the bottom of the page and are visible to all the users).
But then there are certain news/websites which don't have a login/sign up option. For example : http://www.denofgeek.com/us . Because they have no authentication, does this mean that they have no authorization? How are they able to edit/delete the articles if the settings for the authors are the same as the rest of the users ?
Code:
app.get("/blog/:id/:title/edit", function(req,res) {
Blog.findById(req.params.id, function(err, foundBlog) {
if(err) {
res.redirect("/blog");
} else {
res.render("editBlog", {blog : foundBlog});
}
})
})
//UPDATE BLOG
app.put("/blog/:id/:title", function(req,res) {
req.body.blog.body = req.sanitize(req.body.blog.body);
Blog.findByIdAndUpdate(req.params.id, req.body.blog,{new: true}, function(err,updatedBlog) {
if(err) {
res.redirect("/blog");
} else {
res.redirect("/blog/" + req.params.id + "/" + req.params.title);
}
})
})
How should I go about editing/deleting the articles if I don't want to use authentication?
P.S : I can, of course, remove the edit and delete buttons appearing on the page and send PUT and DELETE requests via Postman, but it's obviously a bad idea!
回答1:
After going though the website you mentioned the have one for users and one is separate for admin where author can login and make updates add new post and delete old once.
It is not possible that without any authentication you can make edits / delete for a specific user.
So you should do it like just create a separate panel for author and set a login page for that so only the authorized person can enter the page and there you can implement the functionality of deleting/updating even I would advice you to use authorization so if anyone came to know about your apis they cant make edits until they have the token to that you can use this jsonwebtoken to implement authorization.
Hope this helps.
来源:https://stackoverflow.com/questions/43015578/authorization-in-node-js