1
00:00:00,172 --> 00:00:04,265
We've created a handful of
helper functions that allow us

2
00:00:04,265 --> 00:00:08,452
to reuse code making our
applications easier to maintain.

3
00:00:08,452 --> 00:00:13,256
For the authorization system of our
application we're going to rely heavily on

4
00:00:13,256 --> 00:00:14,843
these helper functions.

5
00:00:14,843 --> 00:00:19,550
When dealing with authorization helper
functions they're sometimes referred to as

6
00:00:19,550 --> 00:00:20,800
guards.

7
00:00:20,800 --> 00:00:25,568
A guard is a tool that allows us
to protect certain sections of

8
00:00:25,568 --> 00:00:27,071
our application.

9
00:00:27,071 --> 00:00:30,894
We're going to be creating
guards to check the request and

10
00:00:30,894 --> 00:00:33,712
only allow administrators to view a page.

11
00:00:33,712 --> 00:00:37,354
This guard will make sure
that a user is logged in and

12
00:00:37,354 --> 00:00:40,412
that a logged in user is an administrator.

13
00:00:40,412 --> 00:00:45,378
Finally, we'll create a guard to make
sure that the logged-in user is the owner

14
00:00:45,378 --> 00:00:48,240
of a book or
a vote that they are trying to edit.

15
00:00:48,240 --> 00:00:50,638
If you remember, from the last stage,

16
00:00:50,638 --> 00:00:55,630
we built a function to check if
a request requires authentication.

17
00:00:55,630 --> 00:01:00,473
This function also used
the isAuthenticated function.

18
00:01:00,473 --> 00:01:04,212
Yes, both of these functions
are guards as well.

19
00:01:04,212 --> 00:01:08,182
We're going to build two more guards for
admin.

20
00:01:08,182 --> 00:01:13,192
This time, not only will we check
that the user is logged in,

21
00:01:13,192 --> 00:01:16,452
we also need to check for an admin role.

22
00:01:16,452 --> 00:01:22,062
Let's start with the function to
check if the user is an admin or not.

23
00:01:22,062 --> 00:01:25,684
We'll name this, function isAdmin.

24
00:01:30,680 --> 00:01:37,382
We'll start by checking if the user is
authenticated, if not isAuthenticated.

25
00:01:42,712 --> 00:01:46,792
Then we're going to return false.

26
00:01:46,792 --> 00:01:49,992
If they're not logged in,
they're not an admin.

27
00:01:49,992 --> 00:01:56,563
If the user is authenticated we now need
to check if they have an admin role.

28
00:01:56,563 --> 00:01:59,612
Their role id should equal 1.

29
00:01:59,612 --> 00:02:02,356
Like we did for
our get authenticated user.

30
00:02:05,800 --> 00:02:08,453
We can use a session.

31
00:02:08,453 --> 00:02:14,053
We start with the global, session and

32
00:02:14,053 --> 00:02:19,303
the we can return, session, get.

33
00:02:22,171 --> 00:02:24,212
Auth_roles.

34
00:02:26,961 --> 00:02:30,152
And we'll see if this equals 1.

35
00:02:30,152 --> 00:02:33,903
This return should give us true or false,

36
00:02:33,903 --> 00:02:39,162
depending upon whether our
auth_roles equals 1 or not.

37
00:02:39,162 --> 00:02:44,450
Now we can create the guard that requires
the user to be an administrator or

38
00:02:44,450 --> 00:02:47,280
gives an error and redirects the user.

39
00:02:49,130 --> 00:02:53,605
We'll create a new function and
we'll name this requireAdmin.

40
00:02:57,800 --> 00:03:02,253
We can use the isAdmin function to
tell us if the user is an admin.

41
00:03:02,253 --> 00:03:06,473
if not isAdmin,

42
00:03:09,711 --> 00:03:14,306
Then we're going to use the global

43
00:03:14,306 --> 00:03:18,585
$session, and we're going to

44
00:03:18,585 --> 00:03:26,671
set $session->getFlashBag()->add('error',

45
00:03:26,671 --> 00:03:30,010
'Not Authorized').

46
00:03:30,010 --> 00:03:38,683
And then we'll redirect to login.php.

47
00:03:41,660 --> 00:03:46,983
Now on any page where we require
administrative privileges we can simply

48
00:03:46,983 --> 00:03:52,752
add requireAdmin to the top of the page,
and it will handle everything for us.

49
00:03:52,752 --> 00:03:55,582
There's one more guard
that we want to add.

50
00:03:55,582 --> 00:04:00,527
We want to set up a function
to check if the user who is

51
00:04:00,527 --> 00:04:04,442
logged in is the owner of a book or
a vote.

52
00:04:04,442 --> 00:04:10,413
This function will accept a single
property the id we're trying to match,

53
00:04:10,413 --> 00:04:15,450
and then it will get the current
logged in user for comparison.

54
00:04:15,450 --> 00:04:20,084
So we'll add a function,
and we'll name it isOwner.

55
00:04:22,171 --> 00:04:30,547
We'll accept the ownerId, And

56
00:04:30,547 --> 00:04:35,335
then we'll start by checking if Not

57
00:04:35,335 --> 00:04:43,713
isAuthenticated, And we'll return false.

58
00:04:47,372 --> 00:04:52,080
If they're not logged in,
they can't be the owner.

59
00:04:52,080 --> 00:04:55,590
Then we can use global session.

60
00:04:58,322 --> 00:05:04,563
And we're going to return a comparison of

61
00:05:04,563 --> 00:05:09,913
ownerId, compared with session,

62
00:05:09,913 --> 00:05:13,671
get, auth_user_id.

63
00:05:18,852 --> 00:05:22,635
Now with this function,
we can get the owner of the book, or

64
00:05:22,635 --> 00:05:26,192
a vote from the database, and
pass it to this function,

65
00:05:26,192 --> 00:05:30,673
which will make sure that the
authenticated user is the actual owner.

66
00:05:30,673 --> 00:05:32,277
Now that our guards are set up,

67
00:05:32,277 --> 00:05:35,070
we're ready to start using
them in our application.