Hi sir, I have a concern. Like you have set a field for the signup. That is completely fine. Now you are testing in an api. But in frontend I dont think we would have a field role cause anyone can signup as a admin.
Hi sir, I see your content, if you don't mind can you come up with sql database with same playlist and same content. So other and I can understand the how the database design in nosql and sql. Thank you ❤
hello sir, I have a question regarding a bug for the signup route anyone can come and register/signup their self as admin how can we fix this? please help
you can destructure the req.body and specify only the values that you want. in this case, do not include the 'role'. Then you can just go directly to the db and edit it from there.
no bro, I found it First we will self modify the super user in database by setting the role as admin and in backend we make a route using that we can modify the existing user as a role admin. This is how these things are done in industry. However, if the email and passord accidentally matched by random user during login process, they can make any one admin as per their choice. so for super user, there is a kind of verification process through email. I come to know these things when I consulted with senior developer of the company.
This is a recommeded youtube channel for both beginner and senior mern developer. Guy you are the best
you are so amazing for tutorials, thank you
when this course will be complete
so the restrict function is basically a closure? Wow! used it today.
Hi sir, I have a concern.
Like you have set a field for the signup. That is completely fine. Now you are testing in an api.
But in frontend I dont think we would have a field role cause anyone can signup as a admin.
I can’t find the code in the repo listed below
Hi sir,
I see your content, if you don't mind can you come up with sql database with same playlist and same content.
So other and I can understand the how the database design in nosql and sql.
Thank you ❤
hello sir, I have a question regarding a bug for the signup route anyone can come and register/signup their self as admin how can we fix this? please help
you can destructure the req.body and specify only the values that you want. in this case, do not include the 'role'. Then you can just go directly to the db and edit it from there.
do you really think this is a practical solution??
@@MithOpog
@4:40 how to fix it? Making an admin account like this is kind of unsafe?!
as anyone can set their role to admin using /signup endpoint . can you make video to fix that bug... or can tell me in comment to to fix that please
you found the solution ?
@@gaireyc6215 it will be handled in frontend
no bro, I found it
First we will self modify the super user in database by setting the role as admin and in backend we make a route using that we can modify the existing user as a role admin.
This is how these things are done in industry.
However, if the email and passord accidentally matched by random user during login process, they can make any one admin as per their choice. so for super user, there is a kind of verification process through email. I come to know these things when I consulted with senior developer of the company.
@@gaireyc6215 how we will create super user in database. By creating route or by directly in database??