Backendless Version (3.x / 5.x, Online / Managed / Pro )
Pro
Client SDK (REST / Android / Objective-C / Swift / JS )
REST (though I’m using NodeJS to access it so written in a javascript fashion)
Application ID
171CA312-7993-D705-FF43-726B34A66800
Issue
I have a situation where I have multiple “products” in a table, each with their ‘ownerId’ so I know which user created them. I currently have the Javascript permissions blocked because there are certain columns that I don’t want the user to update on their own. Instead, I have a Netlify Function that can access this table through REST. I validate that their payment was successful, and then using their objectId, the product’s objectId, and the Stripe checkout ID, I would like to do something like this (written in SQL because im not sure how it would look in Backendless):
UPDATE
products
SET
paid = true
WHERE
objectId = "abc-123"
ownerId = "xyz-890"
stripeId = "123456"
I’ve read through the docs on both REST and JS but have not found anything that looks like what I’m trying to do. Is there a way to do a custom query in backendless? One of the reason’s I would like to do this is because I don’t want a user to spoof one of the products for another product that they haven’t paid for, and have it marked as “paid” in the database. If I check both the stripe ID and the objectId, then it reduces the possibility of them being able to spoof it. I also remove the stripe ID after the transaction is complete so they can never use it again.
The only other option I can see is to first perform a retrieval and verify that the item exists, then perform the update, but I was hoping to avoid that extra step.
Some of the other articles about conditional Updates were from 2016 so not sure if there have been changes in the platform since then.