Deleting a comment on post

[EmilyJarecki]

removing on postman but bot disappearing in MongoDB

[EmilyJarecki]

router.delete("/:entryId/:commentId/delete", requireToken, async (req, res, next) => { try { const entry = await Entry.findByIdAndUpdate( req.params.entryId, { $pull: { comments: req.params.commentId }, }, { new: true } ); if (!entry) { return res.status(400).send("entry not found"); } const deletedComment = await Comment.findByIdAndDelete(req.params.commentId); res.status(200).json(deletedComment); } catch (err) { res.status(400).json({ error: err.message }); } } );

Icky double params. New $pull method from stackoverflow https://stackoverflow.com/questions/61058347/how-to-delete-comment-from-post-on-node-express-and-mongoose-and-ajax

[EmilyJarecki]

Anyone can delete it. I need to handleValidateOwnership.

[EmilyJarecki]

const commentOwner = await Comment.findById(req.params.commentId); if (commentOwner.user.toString() !== req.user._id.toString()) { return res .status(403) .json({ error: "You are not authorized to delete this comment" }); }