1
00:00:00,000 --> 00:00:04,202
I want to add a few more restrictions to our admin functionality.

2
00:00:04,202 --> 00:00:12,322
First, let's use one of our guards to requireAdmin in the adjustRole page.

3
00:00:12,322 --> 00:00:18,691
Then back on the admin page, we're going to change requireAuth to requireAdmin.

4
00:00:18,691 --> 00:00:24,383
I also want to restrict access so that you cannot adjust your own role.

5
00:00:24,383 --> 00:00:29,400
We can do this by wrapping the button logic in a new conditional statement.

6
00:00:41,353 --> 00:00:46,408
We can use the isOwner function to check if the current

7
00:00:46,408 --> 00:00:50,800
user ID in the loop matches the logged-in user.

8
00:00:50,800 --> 00:00:55,291
So if isOwner, and we'll

9
00:00:55,291 --> 00:01:00,402
pass in the user['id'].

10
00:01:00,402 --> 00:01:04,309
If the user in the loop matches

11
00:01:04,309 --> 00:01:09,155
the current user that's logged in,

12
00:01:09,155 --> 00:01:13,218
we're going to add a new item,

13
00:01:13,218 --> 00:01:19,024
span class="btn btn-xs btn-default"

14
00:01:21,422 --> 00:01:26,035
And then, Cannot alter your own role.

15
00:01:32,370 --> 00:01:39,094
We're going to add an else, and then we can use the rest of our buttons.

16
00:01:41,771 --> 00:01:46,645
And finally, endif.

17
00:01:53,651 --> 00:01:56,531
Let's view our admin page in the browser once more.

18
00:01:59,391 --> 00:02:04,440
Great, we see that we cannot alter our own role.

19
00:02:04,440 --> 00:02:12,861
And if we log out and we go to the admin page, we're not authorized.

20
00:02:12,861 --> 00:02:17,533
And if we log in as our user, and

21
00:02:17,533 --> 00:02:23,191
try to go to the admin page, again, we're not authorized.

22
00:02:23,191 --> 00:02:26,128
We can now go back through our system and

23
00:02:26,128 --> 00:02:29,961
add authorization checks across all of the pages.

24
00:02:29,961 --> 00:02:34,331
Let's update the navigation to only show the admin link to administrators.

25
00:02:38,911 --> 00:02:42,740
After my account, if isAdmin,

26
00:02:47,801 --> 00:02:50,717
we're going to add a link, so let's duplicate this line.

27
00:02:55,030 --> 00:03:00,765
We can end our if, and then make changes.

28
00:03:03,893 --> 00:03:09,610
Link to admin and show Admin.

29
00:03:09,610 --> 00:03:13,713
And finally, we're ready to go back to our book list page and

30
00:03:13,713 --> 00:03:16,860
update who has access to edit or delete a book.