Laravel 5.2 PHP Build a social network – User Logout & Fixing Post Deletion

  • 00:00:01 hi everyone welcome back to a new video
  • 00:00:03 in our laravel series we finished when
  • 00:00:06 we were able to delete posts
  • 00:00:08 unfortunately also posts of other people
  • 00:00:11 so let's work on that first I'm already
  • 00:00:15 logged in here I want to create a new
  • 00:00:17 post therefore it would be cool if I
  • 00:00:19 could log in as someone else therefore
  • 00:00:21 it would be cool if I could log out
  • 00:00:23 so let's implement that for it to begin
  • 00:00:25 with I'll start in my user controller
  • 00:00:31 here where I will add a new function at
  • 00:00:33 the bottom which we call well log out
  • 00:00:36 get logout inside this function I will
  • 00:00:41 have a very complex expression or a very
  • 00:00:46 complex code and watch closely to get
  • 00:00:50 this right we use Auth::logout so that's
  • 00:00:57 all we're logging out using this Auth
  • 00:01:00 facade which we're importing here at the
  • 00:01:02 top and done this will log out the
  • 00:01:06 currently logged in user now all that
  • 00:01:08 is left to do is add a redirect to get
  • 00:01:11 us well let's say to our home page so
  • 00:01:16 next thing is I want to add a route I
  • 00:01:17 will do this right here below the sign
  • 00:01:19 in route and there's a GET route just log
  • 00:01:23 out which will use a controller
  • 00:01:25 obviously since we just created a
  • 00:01:27 method not just users and then what will
  • 00:01:31 I use well the UserController@
  • 00:01:34 getLogout this will be used and then
  • 00:01:37 here we use this as logout this will be
  • 00:01:41 the name of our route next thing is in
  • 00:01:44 my header I want to include it and I
  • 00:01:47 will include it here and the easiest way
  • 00:01:50 to do that is to well head over to
  • 00:01:53 bootstrap here under components navbar
  • 00:01:57 I'm making this very easy I'm just
  • 00:02:01 going to copy which one we want this
  • 00:02:06 part here just going to copy this part
  • 00:02:08 to position it at the right of our
  • 00:02:10 header copy this into it
  • 00:02:14 here I don't need the dropdown all I
  • 00:02:16 need is one single link which will say
  • 00:02:19 logout and which will use our freshly
  • 00:02:22 created route or newly created route
  • 00:02:25 called logout okay let me save this
  • 00:02:28 close this and reload here now we got
  • 00:02:34 our logout menu item here let me click
  • 00:02:38 this and now I'm logged out now I'm going
  • 00:02:41 to log in as someone else I don't know
  • 00:02:44 what is this password Chris yeah and I'm
  • 00:02:49 just creating a post as to someone and
  • 00:02:51 now we got mixed posts and now I should
  • 00:02:53 only be able to delete well this post by
  • 00:02:56 me by Chris and not by the other people
  • 00:02:58 I see we should maybe also change the
  • 00:03:01 sorting of the post to have the most
  • 00:03:03 recent post at the top let's quickly
  • 00:03:06 implement that so in the post controller
  • 00:03:10 where we get all our posts all I do here
  • 00:03:12 is when I get all posts here I'll change
  • 00:03:17 this I'll not get all I will first call
  • 00:03:20 ordered by not may well orderBy and
  • 00:03:23 then we have by created_at it should be
  • 00:03:30 order descending so this is how we order
  • 00:03:33 descending we specify by which
  • 00:03:35 field do we want to order and then we can
  • 00:03:37 either enter desc
  • 00:03:40 descending or asc for ascending here and
  • 00:03:43 then we just use get to get all the
  • 00:03:47 elements matching well the conditions we
  • 00:03:50 define before the select could select
  • 00:03:53 part clause you but we don't have any
  • 00:03:56 therefore we select all the items but we
  • 00:03:59 order them we can't use all anymore
  • 00:04:01 because well we added something to this
  • 00:04:03 query builder here now let me reload then
  • 00:04:07 now we should see that Chris posts at
  • 00:04:09 the top anyway that's just a little
  • 00:04:11 fine-tuning here what I want to do is I
  • 00:04:13 want to first remove these buttons here
  • 00:04:16 if I'm not Max in this case and second I
  • 00:04:20 also want to make sure to check that if
  • 00:04:22 I hit delete if I'm the user logged in
  • 00:04:24 because even if I
  • 00:04:25 the buttons I might still be able to
  • 00:04:28 well query that route or to try to
  • 00:04:33 target that route via a terminal or by
  • 00:04:36 directly entering the URL up here so we have
  • 00:04:39 to make sure we're safe in the backend
  • 00:04:41 as well as in front-end so to say now to
  • 00:04:45 begin with I will start in my post
  • 00:04:48 controller here in my post controller
  • 00:04:51 here I will check if the user of this
  • 00:04:54 post equals the user who is currently
  • 00:04:57 logged in if this is not the case then I
  • 00:05:00 don't really want to delete the post so
  • 00:05:03 therefore I'm doing this right below
  • 00:05:04 this post variable where we fetch our
  • 00:05:06 post and then I want to retrieve the
  • 00:05:09 currently logged in user
  • 00:05:10 I do this by using the Auth facade so make
  • 00:05:13 sure you're importing that at the top
  • 00:05:14 and here I access the user method to
  • 00:05:18 retrieve the currently logged in user
  • 00:05:20 and then I check if this is not equal to
  • 00:05:23 well the user of the post which you can
  • 00:05:25 retrieve by using this user property
  • 00:05:28 since we set up this relation if you
  • 00:05:29 remember the last videos if these
  • 00:05:32 users do not match then I want to return
  • 00:05:34 a redirect back so I don't want to
  • 00:05:37 delete I'm not continuing here and yeah we
  • 00:05:40 could provide a message here an error
  • 00:05:42 message but if we get here even though
  • 00:05:44 we deleted the buttons on the front page
  • 00:05:48 probably you've done something fishy
  • 00:05:50 already so I don't think we need to
  • 00:05:52 provide the best user experience here
  • 00:05:53 but you might add a message and
  • 00:05:55 output it so now we technically can't
  • 00:05:59 delete users if you're not the same user
  • 00:06:01 excuse me posts if we're not the same
  • 00:06:04 user so the next thing I want to do is
  • 00:06:07 in my dashboard here I want to only
  • 00:06:09 show these buttons if we are allowed to
  • 00:06:13 delete and edit it goes for edit as well
  • 00:06:16 even though we haven't implemented that
  • 00:06:18 yet so therefore I will well let me put
  • 00:06:21 this in on two new lines and her new
  • 00:06:22 line here I will add an if statement
  • 00:06:24 with my Blade expression syntax @if
  • 00:06:28 and this should only be shown
  • 00:06:32 conditionally so I'm going to put this
  • 00:06:34 inside the if statement make sure to
  • 00:06:36 also have this pipe here with it so
  • 00:06:38 that you don't have a floating pipe at the
  • 00:06:40 end of the like and dislike button even
  • 00:06:42 though no buttons are coming after that
  • 00:06:44 and then here I use the same check Auth
  • 00:06:46 user should be in this case it should be
  • 00:06:50 equal otherwise I'm not showing it
  • 00:06:51 should be equal to the user of this post
  • 00:06:56 we're having here and we're accessing
  • 00:06:58 post since we're looping through all our
  • 00:07:00 posts here let me save this and reload
  • 00:07:03 good as you can see not seeing the
  • 00:07:06 buttons here I can delete my own post
  • 00:07:08 that's still working let me try to
  • 00:07:10 delete the post of max here to do so
  • 00:07:14 I'll have a look at my database my posts
  • 00:07:17 I did you I'll try to delete the post
  • 00:07:21 with an ID of two I can do this if you
  • 00:07:25 have a look at our routes by just
  • 00:07:28 accessing delete post and then the ID
  • 00:07:31 of the post so I'm just going to copy
  • 00:07:33 that instead of dashboard and post ID
  • 00:07:35 is two as we just looked it up and
  • 00:07:38 well now I'm just taken back
  • 00:07:41 let me see if the post got deleted no
  • 00:07:43 it's still there so our security check
  • 00:07:45 here is working now we can only delete
  • 00:07:47 our own posts see you in the next videos
  • 00:07:48 bye