To manage a book, the logged-in user must be either an administrator or the owner of that book.
Updates
templates/book.php
<?php if (isAdmin() || isOwner($book['owner_id'])) : ?>
    <!-- Edit and Delete links -->
<?php endif; ?>
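Procedures: addBook.php and deleteBook.php
requireAuth(); // make sure a user is logged in
// After loading $book: allow only an administrator or the book's owner
if (!isAdmin() && !isOwner($book['owner_id'])) {
    $session->getFlashBag()->add('error', 'Not Authorized');
    redirect('/books.php');
}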
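An added example, not code from the course: one way the admin-or-owner decision behind isAdmin() and isOwner() could be written so that it fails closed for anonymous users and for books with no owner. The function canManageBook(), the ROLE_ADMIN value, the role_id field and the sample users and books are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the course's isAdmin()/isOwner() helpers, which
// this page does not show. The user is passed in instead of being read from
// the session so the script runs on its own.
const ROLE_ADMIN = 1; // assumed role id for administrators

function canManageBook(?array $user, array $book): bool
{
    // Fail closed: no logged-in user means no access (the job of requireAuth()).
    if ($user === null || !isset($user['id'], $user['role_id'])) {
        return false;
    }
    if ((int) $user['role_id'] === ROLE_ADMIN) {
        return true;
    }
    // A book with a NULL owner_id is manageable by administrators only.
    // NULL is ruled out first, then ids are compared as ints with ===,
    // so a missing owner can never match a missing or zero user id.
    return isset($book['owner_id'])
        && (int) $book['owner_id'] === (int) $user['id'];
}

// Constructed sample data.
$users = [
    'anonymous' => null,
    'admin'     => ['id' => 1, 'role_id' => 1],
    'owner'     => ['id' => 7, 'role_id' => 2],
    'other'     => ['id' => 8, 'role_id' => 2],
];
$books = [
    'owned by 7' => ['id' => 10, 'owner_id' => '7'],  // ids may arrive from the database as strings
    'no owner'   => ['id' => 11, 'owner_id' => null],
];

// Print the decision for every user/book pair.
foreach ($books as $bookLabel => $book) {
    foreach ($users as $userLabel => $user) {
        printf("%-10s %-9s %s\n", $bookLabel, $userLabel,
            canManageBook($user, $book) ? 'allow' : 'deny');
    }
}
```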
We're ready to go back to
our Book List page and
0:00
update who has access to edit or
delete a book.
0:04
If isAdmin or isOwner,
0:18
and we'll pass the book
0:24
with the owner_id.
0:31
We can endif.
0:43
We'll want to perform this
same check in our editBook and
0:43
in our deleteBook procedures.
0:49
Let's copy this, And
0:57
open deleteBook and editBook.
1:02
First, we can add requireAuth,
1:07
This will make sure that
a user is logged in.
1:13
Next, after getting the book and
making sure that it exists,
1:18
we should make our checks for
admin or owner.
1:21
We're going to say if not
1:31
an admin and not an owner.
1:35
Then we're going to set
session getFlashBag,
1:42
add an error, Not Authorized.
1:50
And then we'll redirect, To books.php.
1:59
Let's do the same thing in the deleteBook.
2:06
So we can copy these six lines,
Seven with a space.
2:10
Let's log out and log back in as an admin.
2:24
Now I can see my link to admin, and
2:30
we have the ability to promote and
demote a user.
2:34
But again, we cannot alter our own role.
2:40
If I go to my Book List, I see the Edit or
Delete links in the books.
2:43
I can click to edit and update my book.
2:49
Let's log out and log back in as a user.
2:57
And now if I go to the Book List,
I do not see the Edit or Delete.
3:04
But if I add a book,
3:09
After a user has added a book,
they will have the ability to edit and
3:17
delete that book or
any other book they add.
3:22
The last thing that I want
to do is lock down voting.
3:27
Each user only gets one vote per book, but
3:31
a user is always able
to change their vote.
3:35