1
00:00:00,070 --> 00:00:04,193
We're ready to go back to our Book List page and

2
00:00:04,193 --> 00:00:08,329
update who has access to edit or delete a book.

3
00:00:18,868 --> 00:00:24,979
If isAdmin or isOwner,

4
00:00:24,979 --> 00:00:31,091
and we'll pass the book

5
00:00:31,091 --> 00:00:36,597
with the owner_id.

6
00:00:43,011 --> 00:00:43,883
We can endif.

7
00:00:43,883 --> 00:00:49,839
We'll want to perform this same check in our editBook and

8
00:00:49,839 --> 00:00:53,200
in our deleteBook procedures.

9
00:00:57,690 --> 00:01:02,118
Let's copy this, and

10
00:01:02,118 --> 00:01:06,370
open deleteBook and editBook.

11
00:01:07,780 --> 00:01:10,447
First, we can add requireAuth.

12
00:01:13,086 --> 00:01:17,070
This will make sure that a user is logged in.

13
00:01:18,220 --> 00:01:21,951
Next, after getting the book and making sure that it exists,

14
00:01:21,951 --> 00:01:24,699
we should make our checks for admin or owner.

15
00:01:31,170 --> 00:01:35,943
We're going to say if not

16
00:01:35,943 --> 00:01:40,950
an admin and not an owner.

17
00:01:42,644 --> 00:01:46,276
Then we're going to set session getFlashBag,

18
00:01:50,290 --> 00:01:55,085
add an error, Not Authorized.

19
00:01:59,080 --> 00:02:04,448
And then we'll redirect to books.php.

20
00:02:06,018 --> 00:02:10,680
Let's do the same thing in the deleteBook.

21
00:02:10,680 --> 00:02:16,512
So we can copy these six lines, seven with a space.

22
00:02:24,030 --> 00:02:26,940
Let's log out and log back in as an admin.

23
00:02:30,719 --> 00:02:34,030
Now I can see my link to admin, and

24
00:02:34,030 --> 00:02:38,890
we have the ability to promote and demote a user.

25
00:02:40,050 --> 00:02:43,340
But again, we cannot alter our own role.

26
00:02:43,340 --> 00:02:49,980
If I go to my Book List, I see the Edit or Delete links in the books.

27
00:02:49,980 --> 00:02:57,480
I can click to edit and update my book.

28
00:02:57,480 --> 00:02:59,440
Let's log out and log back in as a user.

29
00:03:04,010 --> 00:03:07,980
And now if I go to the Book List, I do not see the Edit or Delete.

30
00:03:09,530 --> 00:03:10,160
But if I add a book,

31
00:03:17,096 --> 00:03:22,544
After a user has added a book, they will have the ability to edit and

32
00:03:22,544 --> 00:03:27,030
delete that book or any other book they add.

33
00:03:27,030 --> 00:03:31,350
The last thing that I want to do is lock down voting.

34
00:03:31,350 --> 00:03:35,480
Each user only gets one vote per book, but

35
00:03:35,480 --> 00:03:38,360
a user is always able to change their vote.