- 00:00:01 hi everyone welcome back to a new video
- 00:00:03 in our Laravel series we finished when
- 00:00:06 we were able to delete posts
- 00:00:08 unfortunately also posts of other people
- 00:00:11 so let's work on that first I'm already
- 00:00:15 logged in here I want to create a new
- 00:00:17 post therefore it would be cool if I
- 00:00:19 could log in as someone else therefore
- 00:00:21 it would be cool if I could log out
- 00:00:23 so let's implement that for it to begin
- 00:00:25 with I'll start in my user controller
- 00:00:31 here where I will add a new function at
- 00:00:33 the bottom which we call well log out
- 00:00:36 getLogout inside this function I will
- 00:00:41 have a very complex expression or a very
- 00:00:46 complex code and watch closely to get
- 00:00:50 this right we use Auth::logout so that's
- 00:00:57 all we're logging out using this Auth
- 00:01:00 facade which we're importing here at the
- 00:01:02 top and done this will log out the
- 00:01:06 currently logged-in user now all that
- 00:01:08 is left to do is add a redirect to get
- 00:01:11 us well let's say to our home page so
- 00:01:16 next thing is I want to add a route I
- 00:01:17 will do this right here below the sign
- 00:01:19 in route and there's a GET route just log
- 00:01:23 out which will use a controller
- 00:01:25 obviously since we just created a
- 00:01:27 method now just uses and then what will
- 00:01:31 I use well the UserController at
- 00:01:34 getLogout this will be used and then
- 00:01:37 here we use this as logout this will be
- 00:01:41 the name of our route next thing is in
- 00:01:44 my header I want to include it and I
- 00:01:47 will include it here and the easiest way
- 00:01:50 to do that is to well head over to
- 00:01:53 Bootstrap here under components navbar
- 00:01:57 I'm making this very easy I'm just
- 00:02:01 going to copy which one we want this
- 00:02:06 part here just going to copy this part
- 00:02:08 to position it at the right of our
- 00:02:10 header copy this into it
- 00:02:14 here I don't need the dropdown all I
- 00:02:16 need is one single link which will say
- 00:02:19 logout and which will use our freshly
- 00:02:22 created route or newly created route
- 00:02:25 called logout okay let me save this
- 00:02:28 close this and reload here now we got
- 00:02:34 our logout menu item here let me click
- 00:02:38 this and now I'm logged out now I'm going
- 00:02:41 to log in as someone else I don't know
- 00:02:44 what is this password Chris yeah and I'm
- 00:02:49 just creating a post as to someone and
- 00:02:51 now we got mixed posts and now I should
- 00:02:53 only be able to delete well this post by
- 00:02:56 me by Chris and not by the other people
- 00:02:58 I see we should maybe also change the
- 00:03:01 sorting of the post to have the most
- 00:03:03 recent post at the top let's quickly
- 00:03:06 implement that so in the post controller
- 00:03:10 where we get all our posts all I do here
- 00:03:12 is when I get all posts here I'll change
- 00:03:17 this I'll not get all I will first call
- 00:03:20 ordered by not may well orderBy and
- 00:03:23 then we have by created_at it should be
- 00:03:30 order descending so this is how we
- 00:03:33 order descending we specify by which
- 00:03:35 field do we want to order and then we can
- 00:03:37 either enter desc
- 00:03:40 descending or asc for ascending here and
- 00:03:43 then we just use get to get all the
- 00:03:47 elements matching well the conditions we
- 00:03:50 define before the select could select
- 00:03:53 part class you but we don't have any
- 00:03:56 therefore we select all the items but we
- 00:03:59 order them we can't use all anymore
- 00:04:01 because well we added something to this
- 00:04:03 query builder here now let me reload then
- 00:04:07 now we should see that Chris posts at
- 00:04:09 the top anyway that's just a little
- 00:04:11 fine-tuning here what I want to do is I
- 00:04:13 want to first remove these buttons here
- 00:04:16 if I'm not Max in this case and second I
- 00:04:20 also want to make sure to check that if
- 00:04:22 I hit delete if I'm the user logged in
- 00:04:24 because even if I
- 00:04:25 the buttons I might still be able to
- 00:04:28 well query that route or to try to
- 00:04:33 target that route via a terminal or by
- 00:04:36 directly entering the URL up here so we have
- 00:04:39 to make sure we're safe in the backend
- 00:04:41 as well as in front-end so to say now to
- 00:04:45 begin with I will start in my post
- 00:04:48 controller here in my post controller
- 00:04:51 here I will check if the user of this
- 00:04:54 post equals the user who is currently
- 00:04:57 logged in if this is not the case then I
- 00:05:00 don't really want to delete the post so
- 00:05:03 therefore I'm doing this right below
- 00:05:04 this post variable where we fetch our
- 00:05:06 post and then I want to retrieve the
- 00:05:09 currently logged in user
- 00:05:10 I do this by using the Auth facade so make
- 00:05:13 sure you're importing that at the top
- 00:05:14 and here I access the user method to
- 00:05:18 retrieve the currently logged in user
- 00:05:20 and then I check if this is not equal to
- 00:05:23 well the user of the post which you can
- 00:05:25 retrieve by using this user property
- 00:05:28 since we set up this relation if you
- 00:05:29 remember the last videos if these
- 00:05:32 users do not match then I want to return
- 00:05:34 a redirect back so I don't want to
- 00:05:37 delete I'm not continuing here and yeah we
- 00:05:40 could provide a message here an error
- 00:05:42 message but if we get here even though
- 00:05:44 we deleted the buttons on the front page
- 00:05:48 probably you've done something fishy
- 00:05:50 already so I don't think we need to
- 00:05:52 provide the best user experience here
- 00:05:53 but you might add a message and
- 00:05:55 output it so now we technically can't
- 00:05:59 delete users if you're not the same user
- 00:06:01 excuse me posts if we're not the same
- 00:06:04 user so the next thing I want to do is
- 00:06:07 in my dashboard here I want to only
- 00:06:09 show these buttons if we are allowed to
- 00:06:13 delete and edit it goes for edit as well
- 00:06:16 even though we haven't implemented that
- 00:06:18 yet so therefore I will well let me put
- 00:06:21 this on two new lines and in a new
- 00:06:22 line here I will add an if statement
- 00:06:24 with my Blade expression syntax @if
- 00:06:28 and this should only be shown
- 00:06:32 conditionally so I'm going to put this
- 00:06:34 inside the if statement make sure to
- 00:06:36 also have this pipe here with you
- 00:06:38 that you don't have floating pipe at the
- 00:06:40 end of the like and dislike button even
- 00:06:42 though no buttons are coming after that
- 00:06:44 and then here I use the same check Auth
- 00:06:46 user should be in this case it should be
- 00:06:50 equal otherwise I'm not showing it
- 00:06:51 should be equal to the user of this post
- 00:06:56 we're having here and we're accessing
- 00:06:58 post since we're looping through all our
- 00:07:00 posts here let me save this and reload
- 00:07:03 good as you can see not seeing the
- 00:07:06 buttons here I can delete my own post
- 00:07:08 that's still working let me try to
- 00:07:10 delete the post of Max here to do so
- 00:07:14 I'll have a look at my database my posts
- 00:07:17 I did you I'll try to delete the post
- 00:07:21 with an ID of two I can do this if you
- 00:07:25 have a look at our routes by just
- 00:07:28 accessing delete post and then the ID
- 00:07:31 of the post so I'm just going to copy
- 00:07:33 that instead of dashboard and post ID
- 00:07:35 is two as we just looked it up and
- 00:07:38 well now I'm just taking back taken back
- 00:07:41 let me see if the post got deleted no
- 00:07:43 it's still there so our security check
- 00:07:45 here is working now we can only delete
- 00:07:47 our own posts see you in the next videos
- 00:07:48 bye