Complete the code to get the user ID from the request object.
const userId = req.[1].id;
The user ID is usually stored in req.user after authentication middleware runs.
Complete the code to compare the resource owner ID with the logged-in user ID.
if (resource.ownerId.toString() === req.user.[1]) {
The id property uniquely identifies the user and is used to check ownership.
Fix the error in the ownership check condition.
if (resource.ownerId.[1]() === req.user.id) {
Since resource.ownerId is an ObjectId, convert it to string before comparing with req.user.id.
Fill all three blanks to correctly check ownership and send a 403 response if unauthorized.
if (resource.ownerId.[1]() !== req.user.[2]) { return res.status(403).[3]('Forbidden'); }
Common mistake: using json instead of send for a simple message.
Convert ownerId to string, compare with req.user.id, and send a 403 Forbidden response using res.status(403).send().
Fill all three blanks to create a middleware that checks resource ownership before proceeding.
async function checkOwnership(req, res, next) {
  const resource = await Resource.findById(req.params.[1]);
  if (!resource) return res.status(404).[2]('Not found');
  if (resource.ownerId.[3]() !== req.user.id) {
    return res.status(403).send('Forbidden');
  }
  next();
}
Common mistake: using json instead of send.
The middleware gets the resource by req.params.id, sends a 404 with send if not found, and compares ownerId.toString() with req.user.id to check ownership.