Mern Amazona – isAdmin check conflicting with user profile edit screen

Question

180 viewsApril 7, 2023Mern Amazona

0

Vaibhaw mishra 28 March 11, 2023 2 Comments

Hello sir,

I’m getting this error:
“`

Cast to ObjectId failed for value “profile” (type string) at path “_id” for model “User”
“`
when I try to update customer user profile
I did some debugging and seems like this is happening because of code in userRoutes.js
Heres my full userRoutes.js code:
“`

import express from ‘express’;
import bcrypt from ‘bcryptjs’;
import User from ‘../models/userModel.js’;
import { generateToken, isAuth, isAdmin } from ‘../utils.js’;
import expressAsyncHandler from ‘express-async-handler’;
const userRouter = express.Router();
userRouter.get(
‘/’,
isAuth,
isAdmin,
expressAsyncHandler(async (req, res) => {
const users = await User.find({});
res.send(users);
})
);
userRouter.get(
‘/:id’,
isAuth,
isAdmin,
expressAsyncHandler(async (req, res) => {
const user = await User.findById(req.params.id);
if (user) {
res.send(user);
} else {
res.status(404).send({ message: ‘User Not Found’ });
}
})
);
userRouter.put(
‘/:id’,
isAuth,
isAdmin,
expressAsyncHandler(async (req, res) => {
const user = await User.findById(req.params.id);
if (user) {
user.name = req.body.name || user.name;
user.email = req.body.email || user.email;
user.isAdmin = Boolean(req.body.isAdmin);
user.isSeller = Boolean(req.body.isSeller);
const updatedUser = await user.save();
res.send({ message: ‘User Updated Successfully’, user: updatedUser });
} else {
res.status(404).send({ message: ‘User Not Found’ });
}
})
);
userRouter.delete(
‘/:id’,
isAuth,
isAdmin,
expressAsyncHandler(async (req, res) => {
const user = await User.findById(req.params.id);
if (user) {
if (user.email === ‘admin@example.com’) {
res.status(400).send({ message: ‘Can Not Delete Admin User’ });
return;
}
await User.findByIdAndDelete(req.params.id);
res.send({ message: ‘User Deleted’ });
} else {
res.status(404).send({ message: ‘User Not Found’ });
}
})
);
userRouter.post(
‘/signin’,
expressAsyncHandler(async (req, res) => {
const user = await User.findOne({ email: req.body.email });
if (user) {
if (bcrypt.compareSync(req.body.password, user.password)) {
res.send({
_id: user._id,
name: user.name,
email: user.email,
isAdmin: user.isAdmin,
isSeller: user.isSeller,
token: generateToken(user),
});
return;
}
}
res.status(401).send({ message: ‘Invalid Email/Password’ });
})
);
userRouter.post(
‘/signup’,
expressAsyncHandler(async (req, res) => {
// creating new user
const newUser = new User({
name: req.body.name,
email: req.body.email,
password: bcrypt.hashSync(req.body.password),
});
// saving new user in mongodb
const user = await newUser.save();
// returns new user data to the frontend
res.send({
_id: user._id,
name: user.name,
email: user.email,
isAdmin: user.isAdmin,
isSeller: user.isSeller,
token: generateToken(user),
});
})
);
userRouter.put(
‘/profile’,
isAuth,
expressAsyncHandler(async (req, res) => {
const user = await User.findById(req.user._id);
if (user) {
user.name = req.body.name || user.name;
user.email = req.body.email || user.email;
if (req.body.password) {
user.password = bcrypt.hashSync(req.body.password, 8);
}
const updatedUser = await user.save();
res.send({
_id: updatedUser._id,
name: updatedUser.name,
email: updatedUser.email,
isAdmin: updatedUser.isAdmin,
isSeller: updatedUser.isSeller,
token: generateToken(updatedUser),
});
} else {
res.status(404).send({ message: ‘User not found’ });
}
})
);
export default userRouter;
“`
and the problem is happening because of this line:
“`

userRouter.put(
‘/:id’,
isAuth,
isAdmin,
expressAsyncHandler(async (req, res) => {
const user = await User.findById(req.params.id);
if (user) {
user.name = req.body.name || user.name;
user.email = req.body.email || user.email;
user.isAdmin = Boolean(req.body.isAdmin);
user.isSeller = Boolean(req.body.isSeller);
const updatedUser = await user.save();
res.send({ message: ‘User Updated Successfully’, user: updatedUser });
} else {
res.status(404).send({ message: ‘User Not Found’ });
}
})
);
“`
So when I comment this out I am successfully able to edit user profile but then I wont be able to edit isAdmin checkbox data

Thank you for looking onto my issue

Bassir Changed status to publish April 7, 2023

Vaibhaw mishra commented March 11, 2023

Also when the user is not Admin it says:
“`
Invalid Admin Token
“`

Vaibhaw mishra commented March 11, 2023

Sir I fixed it
It seems like the problem was since the backend was trying to fetch user by id: const user = await User.findById(req.user._id);
It was unable to find a use cause it was taking ‘profile’ as string so what I did is I sent the userid from frontend and changed the request to /profile/:id and it worked

Also when the user is not Admin it says:
“`
Invalid Admin Token
“`
Sir I fixed it
It seems like the problem was since the backend was trying to fetch user by id: const user = await User.findById(req.user._id);
It was unable to find a use cause it was taking ‘profile’ as string so what I did is I sent the userid from frontend and changed the request to /profile/:id and it worked

0 Answers