These are chat archives for Automattic/mongoose

Jul 2018
Jonathan Díaz
Jul 03 2018 16:15 UTC

instead of user.can.deleteWorld how about doing a method likes like Worlds.authMakeChanges, which can authenticate a users credentials and make sure they can make changes. Based on that, if the result is true, you can then delete the world.

let world = Worlds.findOne({id})
.then(world => {
  world.authMakeChanges('`, 'mypassword', function(response){
    if (!response) return console.log("You cant make changes to the world");

     world.remove().exec() // pseudo code

I don't know the full scale of your code, so I'm not sure this is exactly what you're looking for.