1 00:00:00,090 --> 00:00:00,660 Yours.
2 00:00:00,660 --> 00:00:03,800 Welcome back to this tutorial.
3 00:00:03,990 --> 00:00:10,180 Today we'll be looking at how we can go about restricting access to certain parts of our site.
4 00:00:10,310 --> 00:00:10,640 Now.
5 00:00:10,640 --> 00:00:16,260 Up until this point I'm sure you understand that a controller literally controls the entire site.
6 00:00:16,260 --> 00:00:18,560 It controls the flow of things.
7 00:00:18,630 --> 00:00:26,700 Anything that you request to view, which will render what we call literally a view, is going to be searched
8 00:00:26,700 --> 00:00:32,080 for and later rendered by our controller. So a request
9 00:00:32,190 --> 00:00:36,100 will pass through the controller and it will leave the results.
10 00:00:36,300 --> 00:00:42,720 What we want to look at today is restricting what somebody can or cannot see.
11 00:00:42,720 --> 00:00:43,250 All right.
12 00:00:43,440 --> 00:00:51,610 So today we'll be using this Courses controller as our guinea pig, as it were.
13 00:00:51,610 --> 00:00:59,050 And then we will dissect what we can put in to control who can see what.
14 00:00:59,760 --> 00:01:05,970 Now the first thing that I want to point out is a new data annotation that you have seen in the current
15 00:01:06,060 --> 00:01:14,520 controller called Authorize. Authorize means that you cannot access anything inside this controller
16 00:01:14,880 --> 00:01:22,500 unless you are authorized or, by extension, authenticated; authenticated meaning you have signed into the
17 00:01:22,500 --> 00:01:27,320 application and you are identified as an authorized person.
18 00:01:27,660 --> 00:01:34,650 In short, if I want to restrict everything inside of my Courses controller, meaning you can't view the
19 00:01:34,650 --> 00:01:40,680 list of courses, you can't view the detail of any course, you can't create a course and you can't edit or
20 00:01:40,680 --> 00:01:46,000 do any of these operations in addition to whatever else you may have added to the controller,
21 00:01:46,140 --> 00:01:52,350 then I need only write, above the controller declaration, right,
22 00:01:52,530 --> 00:02:01,470 open square brackets and the word Authorize. And again, always hover over it and see that it says it specifies
23 00:02:01,470 --> 00:02:08,830 that a controller or action is restricted to only people who meet the authorization requirements.
24 00:02:08,830 --> 00:02:12,990 And in this case you have to be logged in to be counted as authorized.
25 00:02:13,290 --> 00:02:20,820 So if we do this and then we run and then attempt to browse to anything inside of the controller for
26 00:02:20,820 --> 00:02:25,270 courses, then we should be redirected to the login page.
27 00:02:25,270 --> 00:02:32,730 I will try that now. In our last video we did test the registration and login features, and we saw that
28 00:02:32,730 --> 00:02:39,750 they work, and we just specified that courses should require some amount of authorization before it grants
29 00:02:39,780 --> 00:02:46,270 access, which means that this one, which should lead to courses, should restrict me from proceeding, and
30 00:02:46,280 --> 00:02:47,760 let's put that to the test.
31 00:02:47,760 --> 00:02:52,090 So click Learn More and then voila.
32 00:02:52,200 --> 00:02:54,770 I am now required to log in.
33 00:02:54,780 --> 00:03:04,380 And then if I log in using that existing user information, then I will be redirected to the courses
34 00:03:04,410 --> 00:03:05,310 index page.
35 00:03:05,380 --> 00:03:11,920 I can go back home and for the entire duration that I am logged in I can click Learn More and go ahead
36 00:03:11,920 --> 00:03:14,680 without any hindrance.
37 00:03:14,700 --> 00:03:15,110 All right.
38 00:03:15,310 --> 00:03:19,750 And then once I'm here, remember that the Authorize was over the entire controller.
39 00:03:19,750 --> 00:03:27,010 So once I'm authorized I can now edit and delete and view details and do all of the wonderful things
40 00:03:27,310 --> 00:03:32,110 that I would be allowed to do as an authorized person.
41 00:03:32,160 --> 00:03:37,060 Now I'm just going to log off and then we'll continue with our experiments, and you see that having logged
42 00:03:37,060 --> 00:03:43,450 off it's moved me automatically from the restricted page back to a page that it doesn't really care
43 00:03:43,450 --> 00:03:44,860 if I access or not.
44 00:03:45,610 --> 00:03:52,030 So for our Students controller we also want to authorize because we don't want every and anybody to
45 00:03:52,030 --> 00:03:59,800 be able to just get into the system and view and delete and edit, etc. But then I want to lift the restriction
46 00:03:59,950 --> 00:04:06,700 on the view for the student listing. So everything requires authorization,
47 00:04:06,790 --> 00:04:14,920 but I want this particular action, maybe some others also, but in this situation this particular one, to
48 00:04:14,920 --> 00:04:19,630 be able to be viewed without having the proper authorization.
49 00:04:19,630 --> 00:04:27,280 So there is another attribute called AllowAnonymous which, if you read the tooltip, kind of overrides
50 00:04:27,370 --> 00:04:31,320 the Authorize attribute. The Authorize attribute is global.
51 00:04:31,330 --> 00:04:37,280 It's the Overlord colorful control that has the answer to it but then anywhere that has AllowAnonymous
52 00:04:37,300 --> 00:04:40,500 kind of says, okay, I will make an exception for this one.
53 00:04:40,510 --> 00:04:42,820 You don't have to be authorized for that one.
54 00:04:42,850 --> 00:04:43,120 All right.
55 00:04:43,300 --> 00:04:46,630 So you can add that to Index.
56 00:04:46,630 --> 00:04:52,500 I want to restrict the creation of students and editing of a student and deletion of a student by a
57 00:04:52,500 --> 00:04:53,920 non-registered user.
58 00:04:53,920 --> 00:04:58,060 So leave those alone and then we can see if that works, all right.
59 00:04:58,090 --> 00:05:03,660 So we're not logged in and then we want to go over and view all students.
60 00:05:03,670 --> 00:05:10,720 So I go to All Students and then we see, wow, it loads. I'm still not logged in and I'm able to browse
61 00:05:10,720 --> 00:05:11,800 all students.
62 00:05:11,800 --> 00:05:19,000 However, when I try to create new, edit or view details, and I open all of these in different tabs so we
63 00:05:19,000 --> 00:05:21,250 can see the different results,
64 00:05:21,250 --> 00:05:25,880 you see this, this is create; it's requiring me to log in.
65 00:05:25,930 --> 00:05:32,810 This one is edit; it's requiring me to log in, and this one was for details.
66 00:05:32,810 --> 00:05:40,670 It's requiring me to log in. So you see, although we authorized the entire controller, we can allow anonymous
67 00:05:40,700 --> 00:05:45,800 access to particular views, that, you know, if the person is not logged in, okay, fine, we'll let you
68 00:05:45,800 --> 00:05:50,670 see the information but to get any further we need you to be authorized.
69 00:05:50,720 --> 00:05:57,200 You can also add this Authorize to particular views if it is a case where you have the controller
70 00:05:57,200 --> 00:06:04,070 and you want all of it to be open to everybody, but for one or two views you can just add that Authorize
71 00:06:04,160 --> 00:06:09,280 attribute directly to that action in your controller.
72 00:06:09,320 --> 00:06:16,310 So instead of allowing anonymous you would authorize right here above that action, which would then restrict
73 00:06:16,580 --> 00:06:18,170 that action's
74 00:06:18,170 --> 00:06:19,550 accessibility.
75 00:06:19,550 --> 00:06:22,940 So I hope you guys found value in this video.
76 00:06:22,940 --> 00:06:28,700 The next video we'll talk about restricting it based on roles and modifying what options are available
77 00:06:28,760 --> 00:06:35,690 on the view when the person is authorized as opposed to when they're not authorized, or when they are
78 00:06:35,810 --> 00:06:38,490 a particular role versus when they're not.
79 00:06:38,560 --> 00:06:38,870 All right.
80 00:06:38,880 --> 00:06:42,020 So thanks for viewing and see you next time.