Conditional logic in the server or the client

Hi everyone. My question does not really relate to any of the current projects here on FCC, but I think it’s still a beginner’s question (especially as you begin connecting the front-end and backend of an app). I also think it’s something that can help new developers (such as myself) better understand best practices in programming.

TL;DR
Should conditional logic for a view be done in the server, or the client?

In my current project, I’m creating a login system. A user logs in, is authenticated in the server, then has the ability to view their profile page. Since this login system is intended to support multiple user accounts, I needed to find a way for a user to be able to edit their own profile without affecting another user’s profile.

I found two ways that worked, but I don’t really know which one is the best way (if there is a best way).

1st method:
server.js

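```js
router.get('/user/:username', ensureAuthenticated, function(req, res, next) {
	console.log("User that's logged in:", req.user)
	User.findOne({ username: req.params.username }, function(err, user) {
		console.log("User being viewed:", user)
		// Hand errors to Express instead of throwing inside the async callback
		if (err) return next(err)
		// Unknown username: respond with 404 rather than dereferencing null
		if (!user) return res.status(404).send('User not found')
		if (req.user.username === user.username) {
			// Logged-in user is viewing their own profile (view with the Edit button)
			res.render('profile', {
				user: req.user
			})
		} else {
			// Viewing someone else's profile (view without the Edit button)
			res.render('member_profile', {
				user: user
			})
		}
	})
});
```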

With this method, profile is rendered if the user that’s currently logged in is viewing his/her own profile, whereas member_profile is if the currently logged in user is viewing someone else’s profile.

In the views directory, profile.hbs (which corresponds to res.render('profile')) contains an edit button to allow the user to edit his/her profile, whereas member_profile.hbs does not have an edit button (since you don’t want to edit someone else’s profile).

2nd method:
server.js

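```js
router.get('/user/:username', ensureAuthenticated, function(req, res, next) {
	console.log("User that's logged in:", req.user)
	User.findOne({ username: req.params.username }, function(err, user) {
		console.log("User being viewed:", user)
		// Hand errors to Express instead of throwing inside the async callback
		if (err) return next(err)
		// Unknown username: respond with 404 rather than rendering with null
		if (!user) return res.status(404).send('User not found')
		res.render('profile', {
			user: user,
			current_user: req.user,
			helpers: {
				// Block helper: renders its body only when a and b are equal
				is: function(a, b, options) {
					if (a === b) {
						return options.fn(this);
					}
					// Not equal: render the {{else}} branch, if the template has one
					return options.inverse(this);
				}
			}
		})
	})
});
```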

With this method, only one profile view is rendered, but there’s a handlebars helper file also being defined for use in profile.hbs.

In profile.hbs, I’d use the helper like so:
```handlebars
{{#is user.username current_user.username }}
<button onclick="edit()" class="btn btn-primary">Edit</button>
{{/is}}
```

What this essentially says is if the username of the currently logged in user (who’s also authenticated) is also viewing his/her profile, then that user has the ability to use the Edit button. Otherwise (meaning the currently logged in user is viewing someone else’s profile), then they do not have the ability to use the Edit button.

As developers, it’s important that we understand the full stack, and I think simple examples like this can help illustrate how to utilize best practices in programming, so hopefully this question will help other campers as well.

Lastly, if any part of my question does not make sense, please feel free to ask for clarification. I realize that it can be difficult to adequately explain a problem online. I’ve also only posted snippets of my code (the full program would be too long to post here).

Thanks in advance!

I cleaned up your code.
You need to use triple backticks to post code to the forum.
See this post for details.

Perfect, thanks! I had trouble figuring that out.
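
Whichever of the two methods in the question renders the page, the Edit button only controls what is displayed; the route that saves an edit has to repeat the ownership check on the server. The handler below is an added example, not code from the original post: `updateProfile`, the in-memory `users` map, the route path and the field names are assumptions, and a small response stub stands in for Express so the block runs on its own.

```javascript
// Added example, not from the original post: updateProfile, users and
// EDITABLE_FIELDS are hypothetical names; the data is constructed.
const users = new Map([
  ['alice', { username: 'alice', bio: 'hi', isAdmin: false }],
  ['bob', { username: 'bob', bio: 'yo', isAdmin: false }],
]);

// Only these fields may be changed through the profile form.
const EDITABLE_FIELDS = ['bio', 'displayName'];

// Express-style handler for a hypothetical POST /user/:username/edit route.
// req.user is the authenticated user, as in the routes above.
function updateProfile(req, res) {
  if (!req.user) return res.status(401).json({ error: 'login required' });
  // The ownership check is repeated for the write itself: leaving the Edit
  // button out of a view does not stop a request sent without the page.
  if (req.params.username !== req.user.username) {
    return res.status(403).json({ error: 'not your profile' });
  }
  // Load the record by the session identity, not by client-supplied input.
  const record = users.get(req.user.username);
  if (!record) return res.status(404).json({ error: 'no such user' });
  // Copy allow-listed fields only, so extra keys such as isAdmin are ignored.
  const body = req.body || {};
  for (const field of EDITABLE_FIELDS) {
    if (typeof body[field] === 'string') record[field] = body[field];
  }
  return res.status(200).json({ username: record.username, bio: record.bio });
}

// Minimal response stub so the handler runs without Express installed.
function fakeRes() {
  return {
    statusCode: null,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Runs one request through the handler and returns the stubbed response.
function demo(sessionUser, targetUsername, body) {
  const res = fakeRes();
  const req = { user: sessionUser, params: { username: targetUsername }, body };
  updateProfile(req, res);
  return res;
}

console.log(demo({ username: 'alice' }, 'bob', { bio: 'x' }).statusCode); // 403
```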