1
00:00:00,070 --> 00:00:04,193
We're ready to go back to
our Book List page and

2
00:00:04,193 --> 00:00:08,329
update who has access to edit or
delete a book.

3
00:00:18,868 --> 00:00:24,979
If isAdmin or isOwner,

4
00:00:24,979 --> 00:00:31,091
and we'll pass the book

5
00:00:31,091 --> 00:00:36,597
with the owner_id.

6
00:00:43,011 --> 00:00:43,883
We can endif.

7
00:00:43,883 --> 00:00:49,839
We'll want to perform this
same check in our editBook and

8
00:00:49,839 --> 00:00:53,200
in our deleteBook procedures.

9
00:00:57,690 --> 00:01:02,118
Let's copy this, And

10
00:01:02,118 --> 00:01:06,370
open deleteBook and editBook.

11
00:01:07,780 --> 00:01:10,447
First, we can add requireAuth,

12
00:01:13,086 --> 00:01:17,070
This will make sure that
a user is logged in.

13
00:01:18,220 --> 00:01:21,951
Next, after getting the book and
making sure that it exists,

14
00:01:21,951 --> 00:01:24,699
we should make our checks for
admin or owner.

15
00:01:31,170 --> 00:01:35,943
We're going to say if not

16
00:01:35,943 --> 00:01:40,950
an admin and not an owner.

17
00:01:42,644 --> 00:01:46,276
Then we're going to set
session getFlashBag,

18
00:01:50,290 --> 00:01:55,085
add an error, Not Authorized.

19
00:01:59,080 --> 00:02:04,448
And then we'll redirect, To books.php.

20
00:02:06,018 --> 00:02:10,680
Let's do the same thing in the deleteBook.

21
00:02:10,680 --> 00:02:16,512
So we can copy these six lines,
Seven with a space.

22
00:02:24,030 --> 00:02:26,940
Let's log out and log back in as an admin.

23
00:02:30,719 --> 00:02:34,030
Now I can see my link to admin, and

24
00:02:34,030 --> 00:02:38,890
we have the ability to promote and
demote a user.

25
00:02:40,050 --> 00:02:43,340
But again, we cannot alter our own role.

26
00:02:43,340 --> 00:02:49,980
If I go to my Book List, I see the Edit or
Delete links in the books.

27
00:02:49,980 --> 00:02:57,480
I can click to edit and update my book.

28
00:02:57,480 --> 00:02:59,440
Let's logout and log back in as a user.

29
00:03:04,010 --> 00:03:07,980
And now if I go to the Book List,
I do not see the Edit or Delete.

30
00:03:09,530 --> 00:03:10,160
But if I add a book,

31
00:03:17,096 --> 00:03:22,544
After a user has added a book,
they will have the ability to edit and

32
00:03:22,544 --> 00:03:27,030
delete that book or
any other book they add.

33
00:03:27,030 --> 00:03:31,350
The last thing that I want
to do is lockdown voting.

34
00:03:31,350 --> 00:03:35,480
Each user only gets one vote per book, but

35
00:03:35,480 --> 00:03:38,360
a user is always able
to change their vote.