Prevent changes on PATCH
Closed this issue · 3 comments
sylvainlap commented
Currently, it is really easy to PATCH a user to set isVerified, or a resetToken.
Maybe you should add a built-in hook to prevent these changes on PATCH /user/:id?
eddyystop commented
Whatever additional controls are implemented, someone will come up with a valid, opposing use case.
You can use the preventChanges hook: https://docs.feathersjs.com/api/hooks-common.html#preventchanges
Feel free to make a PR to the docs with a small note mentioning the situation.
sylvainlap commented
PR: #56
eddyystop commented
Thanks. Merged. It'll be published as 0.4.3.
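The hook approach suggested in the thread, as an added example that is not part of the original issue, the project's code, or the feathers-hooks-common implementation: a stand-alone Feathers-style before hook that rejects external PATCH calls touching `isVerified` or `resetToken`, while letting internal service calls (no `params.provider`) through. `protectFields`, `touchesField` and `check` are hypothetical names, and the hook contexts are constructed sample input.

```javascript
// Fields named in the issue; extend the list for your own user schema.
const PROTECTED_FIELDS = ['isVerified', 'resetToken'];

// True when `data` sets `field` directly (including as a nested object)
// or through a dotted key such as "resetToken.value".
function touchesField(data, field) {
  if (data === null || typeof data !== 'object') return false;
  return Object.keys(data).some(
    (key) => key === field || key.startsWith(field + '.')
  );
}

// Builds a before-patch hook that blocks changes to the given fields.
function protectFields(...fields) {
  return (context) => {
    if (context.type !== 'before' || context.method !== 'patch') {
      throw new Error('protectFields must run as a before hook on patch');
    }
    // Internal calls carry no provider. They must pass, otherwise the
    // server's own verification and reset flows could not set these fields.
    if (!context.params || !context.params.provider) return context;

    const hit = fields.filter((f) => touchesField(context.data, f));
    if (hit.length > 0) {
      const err = new Error(`Field(s) may not be patched: ${hit.join(', ')}`);
      err.name = 'BadRequest';
      err.code = 400;
      throw err;
    }
    return context;
  };
}

// Runs the hook against a constructed context and reports the outcome.
function check(data, provider) {
  const hook = protectFields(...PROTECTED_FIELDS);
  try {
    hook({ type: 'before', method: 'patch', data, params: { provider } });
    return 'allowed';
  } catch (err) {
    return `${err.code}: ${err.message}`;
  }
}

console.log(check({ isVerified: true }, 'rest'));    // external client: rejected
console.log(check({ name: 'New name' }, 'rest'));    // harmless field: allowed
console.log(check({ isVerified: true }, undefined)); // internal call: allowed
```

This only covers PATCH, the method the issue is about; the same fields need equivalent protection on any other write method the user service exposes to clients.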