Requiring Logins

One of the first things this site is missing is requiring users to be logged 0:00 in to get to the Create a Message view. 0:04 I talked about how to do this a bit in the Django class based views course 0:06 if you've seen that one. 0:10 If you haven't, you should probably check it out as this course is going to use 0:11 only Class Based Views. 0:14 Django provides a mixed in for its generic view to mark a view as requiring the user 0:16 to be logged in before the can access it. 0:20 Seems like a simple fix, so it's time to get to it. 0:23 If you remember the mix ins part of the Class Base Views course, 0:26 this part here should be mostly a refresher. 0:30 So Django provides decorators for marking a view as requiring a login, but 0:33 decorators are iffy with class-based views. 0:37 So Django also provides mix-ins to use with your class-based views. 0:40 Before I can use that mixin though, I have to import it. 0:45 So here in posts and then views.py, 0:48 up here at the top I'm going to add in my mixin. 0:54 So mixins comes before models, so from django.contrib.auth.mixinins, 0:59 import LoginRequiredMixin. 1:05 And then I need to use that. 1:08 And so I need to add it to my views. 1:11 To start I have two views that definitely need to be locked down. 1:13 So first is this one right here that lets users create new messages, 1:18 create new posts. 1:24 And there's one a little further down that lets people delete messages. 1:25 So I'm gonna go ahead and add LoginRequiredMixin 1:28 to this view, which that'll force people to be logged in. 1:34 And then on the DeletePost I'm also gonna add in 1:39 LoginRequiredMixin as the first item and I'm gonna go ahead and save. 1:43 So those two are good, those are important. 1:49 There's a select related mix in here which is from Django braces and 1:52 that lets me do select related queries without having to 1:56 actually change the query set myself to do select related. 2:00 I can just do it as an attribute in the view. 2:03 I'm actually putting LoginRequiredMixin before SelectRelated, so 2:06 that the SelectRelated isn't even considered thought about at all 2:10 unless the login is valid. 2:14 So just saving a little tiny bit of time there. 2:15 Okay, so that should prevent me from being able to 2:18 get to any of those views if I'm logged out. 2:21 So right now I'm not even running the server. 2:25 So if I was to go in here and try to make a new post, 2:32 which I know that URL is posts/new, then I should get yep, I get a 404. 2:36 I get redirected to somewhere else. 2:43 And then if I try to go to say posts/delete/1, 2:46 then that should also get me a 404, yep another 404, which I can't do that. 2:52 And I get, it's trying to redirect me to this login page which it doesn't have, so 2:59 I'll handle that a little later. 3:04 Okay, so I can't do either of those things. 3:06 I should be able to run my tests and get a good expected result. 3:07 So let me try that, Python managed.py test and we have a u. 3:12 All right, so see how now we have we have a u there and 3:18 we have this unexpected successes. 3:21 So if I go look at my tests which are right here and I scroll down through here. 3:24 Where did that go? 3:31 Right here. 3:32 I have a test that I have marked as expected failure. 3:33 I'm expecting this test to fail. 3:37 But now though, I get, the test doesn't fail, right? 3:39 When I try to go to post create while I'm not logged in, I do not get a 200. 3:43 So this is correct. 3:47 So I can take this line out. 3:49 And I do believe that's the only place I'm using unit test. 3:52 Yep, just one result, so I can take that out and that's a little shorter now. 3:57 And then, let's check this read me. 4:03 Okay, so sign up, log in, log out, no. 4:06 Only able to post messages when logged in, done. 4:10 All right, and then I have some other stuff that needs to be locked down too. 4:14 So I may run the server again. 4:20 And now I'm gonna go to this other app which is communities. 4:25 I'm gonna go to the views.py in here. 4:29 And I need to import the mixin again, 4:34 django.contrib.auth.mixins import LoginRequiredMixin. 4:38 And I need to add this to the views in here. 4:46 So obviously I don't want people to be able to create communities 4:49 unless they are logged in. 4:54 Viewing a single community, viewing all the communities, those I think are fine. 4:58 Joining a community, should require a login and 5:03 leaving a community should as well. 5:07 Because you can't exactly leave or join a community unless I know who you are. 5:13 So all right, that's pretty good, I think that's all of those. 5:19 Now should be able to get to any of those views without being logged in. 5:22 So for example, if I was to come back over here to this Minecraft community. 5:26 Let's click on Minecraft, there we go. 5:33 And I clicked Join and now I should get the log in required thing. 5:35 Yeah, great. 5:39 Well, that wasn't too difficult. 5:41 But now that some of these views require a user to log in I have to deal with 5:43 the fact that I haven't yet made a way for them to actually log in. 5:46 Seems like a good feature to add next. 5:51