We've created a handful of helper functions that allow us to reuse code, making our applications easier to maintain. For the authorization system of our application, we're going to rely heavily on these helper functions. When dealing with authorization, helper functions are sometimes referred to as guards. A guard is a tool that allows us to protect certain sections of our application. We're going to be creating guards to check the request and only allow administrators to view a page. This guard will make sure that a user is logged in and that the logged-in user is an administrator. Finally, we'll create a guard to make sure that the logged-in user is the owner of a book or a vote that they are trying to edit.

If you remember from the last stage, we built a function to check if a request requires authentication. This function also used the isAuthenticated function. Yes, both of these functions are guards as well. We're going to build two more guards for admin. This time, not only will we check that the user is logged in, we also need to check for an admin role. Let's start with the function to check if the user is an admin or not. We'll name this function isAdmin.
We'll start by checking if the user is authenticated: if not isAuthenticated, then we're going to return false. If they're not logged in, they're not an admin. If the user is authenticated, we now need to check if they have an admin role. Their role id should equal 1. Like we did for our get authenticated user, we can use the session. We start with the global session, and then we can return session get auth_roles, and we'll see if this equals 1. This return should give us true or false, depending upon whether our auth_roles equals 1 or not.

Now we can create the guard that requires the user to be an administrator, or gives an error and redirects the user. We'll create a new function, and we'll name this requireAdmin. We can use the isAdmin function to tell us if the user is an admin: if not isAdmin, then we're going to use the global $session, and we're going to set $session->getFlashBag()->add('error', 'Not Authorized'). And then we'll redirect to login.php. Now on any page where we require administrative privileges, we can simply add requireAdmin to the top of the page, and it will handle everything for us.
There's one more guard that we want to add. We want to set up a function to check if the user who is logged in is the owner of a book or a vote. This function will accept a single property, the id we're trying to match, and then it will get the current logged-in user for comparison. So we'll add a function, and we'll name it isOwner. We'll accept the ownerId, and then we'll start by checking if not isAuthenticated, and we'll return false. If they're not logged in, they can't be the owner. Then we can use global session, and we're going to return a comparison of ownerId compared with session get auth_user_id.

Now with this function, we can get the owner of the book or a vote from the database and pass it to this function, which will make sure that the authenticated user is the actual owner. Now that our guards are set up, we're ready to start using them in our application.
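The four guards described in this lesson, written out as one runnable PHP file. This is an added example, not the course's own code. It assumes the global $session has the shape of Symfony HttpFoundation's Session (get(), set(), getFlashBag()->add()), which is the API the lesson's $session->getFlashBag()->add('error', 'Not Authorized') call points at; a small in-memory stand-in is defined so the file runs without Composer. The session keys auth_roles and auth_user_id come from the lesson; auth_logged_in, the isAuthenticated body, and the role-id constant are assumptions. Two details go slightly beyond the transcript and are worth noting: requireAdmin calls exit after sending the Location header, because PHP keeps executing the rest of the page after header() and the protected content would otherwise still be rendered, and the comparisons are strict (===) so that a string such as '1' or a truthy non-integer value cannot satisfy an integer check.

```php
<?php
// Added example, not the course's code. Assumes a Symfony-style $session global;
// the Session/FlashBag classes below are a constructed stand-in so this runs offline.

const ADMIN_ROLE_ID = 1; // assumption: role id 1 means "administrator", as the lesson states

// --- constructed stand-in for Symfony HttpFoundation's Session / FlashBag ---
class FlashBag {
    private array $messages = [];
    public function add(string $type, string $message): void { $this->messages[$type][] = $message; }
    public function all(): array { $m = $this->messages; $this->messages = []; return $m; }
}
class Session {
    private array $data = [];
    private FlashBag $flash;
    public function __construct() { $this->flash = new FlashBag(); }
    public function get(string $key, $default = null) { return $this->data[$key] ?? $default; }
    public function set(string $key, $value): void { $this->data[$key] = $value; }
    public function getFlashBag(): FlashBag { return $this->flash; }
}
$session = new Session();

// Guard from the previous stage (body assumed): is anyone logged in at all?
function isAuthenticated(): bool {
    global $session;
    return $session->get('auth_logged_in', false) === true;
}

// Guard: is the logged-in user an administrator?
function isAdmin(): bool {
    if (!isAuthenticated()) {
        return false; // not logged in => cannot be an admin
    }
    global $session;
    // Strict comparison: only the integer role id counts, never '1' or 'true'.
    return $session->get('auth_roles') === ADMIN_ROLE_ID;
}

// Guard: stop the request unless the user is an administrator.
function requireAdmin(): void {
    if (!isAdmin()) {
        global $session;
        $session->getFlashBag()->add('error', 'Not Authorized');
        header('Location: login.php');
        exit; // header() alone does not stop execution; without exit the page still renders
    }
}

// Guard: does the logged-in user own the book or vote being edited?
function isOwner(int $ownerId): bool {
    if (!isAuthenticated()) {
        return false; // not logged in => cannot be the owner
    }
    global $session;
    return $ownerId === (int) $session->get('auth_user_id');
}

// Constructed walk-through of the three read-only guards (requireAdmin redirects, so it is
// not called here). Session values are set directly as a login handler would.
$session->set('auth_logged_in', true);
$session->set('auth_user_id', 42);
$session->set('auth_roles', 2);           // an ordinary user
var_dump(isAdmin());                      // bool(false)
var_dump(isOwner(42));                    // bool(true): editing their own record
var_dump(isOwner(7));                     // bool(false): somebody else's record
$session->set('auth_roles', '1');         // a string that loosely equals 1
var_dump(isAdmin());                      // bool(false): strict check rejects it
$session->set('auth_roles', ADMIN_ROLE_ID);
var_dump(isAdmin());                      // bool(true)
```

Each page that needs protection calls requireAdmin() before any output, exactly as the lesson says; isOwner() is used after the record has been loaded, with the owner id read from the database rather than from the request, so that the comparison is between two server-side values.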