Laravel 5.2 PHP Build a social network – User Logout & Fixing Post Deletion

00:00:01 hi everyone welcome back to a new video
00:00:03 in our laravel series we finished when
00:00:06 we were able to delete posts
00:00:08 unfortunately also posts of our people
00:00:11 so let's work on that first I'm already
00:00:15 locked in here I want to create a new
00:00:17 post therefore it would be cool if I
00:00:19 could log in as someone else therefore
00:00:21 it would be cool if I could lock out
00:00:23 so let's implement that for it to begin
00:00:25 with I'll start in my user controller
00:00:31 here where I will add a new function at
00:00:33 the bottom which we call well log out
00:00:36 get logout inside this function I will
00:00:41 have a very complex expression or a very
00:00:46 complex code and watch closely to get
00:00:50 this right we use of logout so that's
00:00:57 all we're logging out using this off the
00:01:00 side which we're importing here at the
00:01:02 top and done this will log out the
00:01:06 currently locked end user now all that
00:01:08 is left to do is add a redirect to get
00:01:11 us well let's say to our home page so
00:01:16 next thing is I want to add a route I
00:01:17 will do this right here below the sign
00:01:19 in route and there's a gap Road just log
00:01:23 out which will use a controller
00:01:25 obviously since which has created a
00:01:27 method not just users and then what will
00:01:31 I use what will the user controller add
00:01:34 get logout this will be used and then
00:01:37 here we use this as logout this will be
00:01:41 the name of our around next thing is and
00:01:44 my header I want to include it and I
00:01:47 will include it here and the easiest way
00:01:50 to do that is to well head over to
00:01:53 bootstrap here under components navbar
00:01:57 I'm making this very easier I'm just
00:02:01 going to copy which one we want this
00:02:06 part here just going to copy this part
00:02:08 to position it at the right of our
00:02:10 header copy this into it
00:02:14 here I don't need to drop down all I
00:02:16 need is one single link which will say
00:02:19 logout and which will will use our fresh
00:02:22 created route or newly created route
00:02:25 called logout okay let me save to this
00:02:28 close this and reload here now we got
00:02:34 our logout menu item here let me click
00:02:38 this and now unlocked out now I'm going
00:02:41 to log in as someone else I don't know
00:02:44 what is this password Chris yeah and I'm
00:02:49 just creating a post as to someone and
00:02:51 now we got mixed posts and now it should
00:02:53 only be able to delete well this post by
00:02:56 me by Chris and not by the other people
00:02:58 I see we should maybe also change the
00:03:01 sorting of the post to have the most
00:03:03 recent post at the top let's quickly
00:03:06 implement that so in the post controller
00:03:10 where we get all our posts all I do here
00:03:12 is when I get all posts here I'll change
00:03:17 this I'll not get all I will first call
00:03:20 ordered by not may well order by and
00:03:23 then we have by created add it should be
00:03:30 order descending so this is how we were
00:03:33 you're descending we specify by what you
00:03:35 feel do we want to order and then we can
00:03:37 either enter desc
00:03:40 descending or ask for s ending here and
00:03:43 then we just use get to get all the
00:03:47 elements matching well the conditions we
00:03:50 define before the select could select
00:03:53 part class you but we're don't have any
00:03:56 therefore we select all the items but we
00:03:59 order them we can't use all anymore
00:04:01 because what we added something to this
00:04:03 query polar here no let me reload them
00:04:07 now we should see that Chris posts at
00:04:09 the top anyway that's just a little
00:04:11 fine-tuning here what I want to do is I
00:04:13 want to first remove this buttons here
00:04:16 if I'm not max in this case and second I
00:04:20 also want to make sure to check that if
00:04:22 I hit delete if I'm the user logged in
00:04:24 because even if I
00:04:25 the buttons I might still be able to
00:04:28 well query that route or to try to
00:04:33 target that route via a terminal or by
00:04:36 directly entering URL appear so we have
00:04:39 to make sure we're safe in the backend
00:04:41 as well as in front-end so to say now to
00:04:45 begin with with I will start in my post
00:04:48 controller here in my post controller
00:04:51 here I will check if the user of this
00:04:54 post equals the user who is currently
00:04:57 logged in if this is not the case then I
00:05:00 don't really want to delete the post so
00:05:03 therefore I'm doing this right below

00:05:04 this post variable where we fetch our
00:05:06 post and then I want to retrieve the
00:05:09 currently logged in user
00:05:10 I do displays in the office aid so make
00:05:13 sure you're importing that at the top
00:05:14 and here I access the user method to
00:05:18 retrieve the currently logged in user
00:05:20 and then I check if this is not equal to
00:05:23 well the user of the post which you can
00:05:25 retrieve by using this user property
00:05:28 since we set up this relation if you
00:05:29 remember the last videos if there is
00:05:32 users do not match and I want to return
00:05:34 a redirect back so I don't want it to
00:05:37 lead I'm not continuing here and yeah we
00:05:40 could provide a message here an error
00:05:42 message but if we get here even though
00:05:44 we deleted the buttons on the front page
00:05:48 probably you've done something fishy
00:05:50 already so I don't think we need to
00:05:52 provide the best user experience here
00:05:53 but you might add as a message and
00:05:55 output it so now we technically can't
00:05:59 delete users if you're not the same user
00:06:01 excuse me posts if we're not the same
00:06:04 user so the next thing I want to do is
00:06:07 in my dashboard here I want you only
00:06:09 show these buttons if we are allowed to
00:06:13 delete and edit it goes for edit as well
00:06:16 even though we haven't implemented that
00:06:18 yet so therefore I will well let me put
00:06:21 this in on two new lines and her new
00:06:22 line here I will add an if statement
00:06:24 with my polite expression syntax and if
00:06:28 and this should only be shown
00:06:32 conditionally so I'm going to put this
00:06:34 inside the if statement make sure to
00:06:36 also have this pipe here with you
00:06:38 that you don't have floating pipe at the
00:06:40 end of the like and dislike button even
00:06:42 though no buttons are coming after that
00:06:44 and then here I use the same check off
00:06:46 user should be in this case it should be
00:06:50 equal otherwise I'm not showing it
00:06:51 should be equal to the user of this post
00:06:56 we're having here and we're accessing
00:06:58 post since we're looping through all our
00:07:00 posts here let me save this and reload
00:07:03 good as you can see not seeing the
00:07:06 buttons here I can delete my own post
00:07:08 that's still working let me try to
00:07:10 delete the post of max here to do so
00:07:14 I'll have a look at my database my posts
00:07:17 I did you I'll try to delete the post
00:07:21 with an ID of two I can do this if you
00:07:25 have a look at our routes by just
00:07:28 accessing delete post and then the idea
00:07:31 of the post so I'm just going to copy
00:07:33 that instead of dashboard and posted
00:07:35 these two as we just looked it up and
00:07:38 well now I'm just taking back taken back
00:07:41 let me see if the post got deleted no
00:07:43 it's still there so our security check
00:07:45 here is working now we can only delete
00:07:47 our own posts see you in the next videos
00:07:48 bye

You may also like