Currently, anyone can modify or delete any products in the database. We should limit it such that only admins have full access to modify or delete products. Otherwise, users should only be able to modify their own products.
Proposed solution:
[ ] Store the creation user in the database.
[ ] Add additional express middleware to determine whether a user is an admin or owns the product.
[ ] Add backend guards to prevent unauthorized editing or deletion of products.
[ ] Add frontend guards to prevent users from accessing unauthorized product routes.
Currently, anyone can modify or delete any products in the database. We should limit it such that only admins have full access to modify or delete products. Otherwise, users should only be able to modify their own products.
Proposed solution: