1 00:00:03,300 --> 00:00:04,040 Hey guys. 2 00:00:04,100 --> 00:00:10,580 In our last video we were going through setting up user authentication and in this video we will be 3 00:00:10,580 --> 00:00:18,950 looking at setting up rules to her boss to further control who can access what's know there are a few 4 00:00:18,950 --> 00:00:20,530 things that we need to do. 5 00:00:20,540 --> 00:00:27,050 Rules would already be enabled by virtue of the fact that we have individual user accounts and we already 6 00:00:27,050 --> 00:00:34,850 set up the database for user authentication so we just need to have a few more tweaks and we will get 7 00:00:34,850 --> 00:00:42,860 our rules based or our rules separation in fact in our application. 8 00:00:43,100 --> 00:00:43,420 OK. 9 00:00:43,450 --> 00:00:50,270 So we'll start our journey in our style of class and since allows me do I actually upgraded to visual 10 00:00:50,270 --> 00:00:53,250 studio or community addition 2019. 11 00:00:53,420 --> 00:00:56,750 So the interface may look a bit different as I go along. 12 00:00:57,170 --> 00:01:04,980 But essentially it's pretty much the same as you which is what we started this course series in. 13 00:01:05,600 --> 00:01:08,440 So we start with startup. 14 00:01:08,960 --> 00:01:14,410 And once I want to do is actually create a few rules to begin with. 15 00:01:14,420 --> 00:01:22,970 So in the context of our school management system we would probably have an admin a principal and let's 16 00:01:22,970 --> 00:01:26,460 say a user or a teacher. 17 00:01:26,480 --> 00:01:31,430 So we want at least three rules to begin with. 18 00:01:31,430 --> 00:01:39,710 So what I'm going to do is define a function here in the start class that is actually going to go ahead 19 00:01:39,740 --> 00:01:47,000 and create those rules as soon as the application will start so since that's what this class is here 20 00:01:47,000 --> 00:01:47,270 for. 21 00:01:47,300 --> 00:01:56,570 So just go ahead and create a function both creates you roles and users. 22 00:01:56,570 --> 00:02:05,030 And what I'm going to do here firstly is include my application Beebe context to recall that application 23 00:02:05,030 --> 00:02:12,790 VB context would have been defined in our identity model right here and it represents that direct connection 24 00:02:12,950 --> 00:02:20,630 which we call a default connection to our database that is hosing our user beast tables. 25 00:02:20,630 --> 00:02:24,830 So here a default connection is looking right at our database. 26 00:02:24,830 --> 00:02:32,030 So what we want to do is initialize an object of that here because what we want to do is to do a few 27 00:02:32,280 --> 00:02:34,040 database operations. 28 00:02:34,190 --> 00:02:43,270 So we need to include our application B2B context and our father context Zee photo. 29 00:02:43,550 --> 00:02:49,840 And then we see that it's telling us we need to include something so a nice keyboard shortcut is control 30 00:02:49,870 --> 00:02:56,890 and dots and it will show us what moves up and we can skip that and then we see a new application DV 31 00:02:56,960 --> 00:03:05,180 16 or maybe or that var can of the villa or so you could always just see a bar here for context equals 32 00:03:05,270 --> 00:03:08,140 new application DV context. 33 00:03:08,270 --> 00:03:14,480 Next we want to enable to monitors in the form of the role the manager and the user manager. 34 00:03:14,480 --> 00:03:22,730 So I'm just going to initialize an object call it role manager and I'm going to say this is equal to 35 00:03:22,730 --> 00:03:32,390 a new role manager and I can just say control that which will promise me as to what needs to be installs 36 00:03:32,760 --> 00:03:33,320 included. 37 00:03:33,380 --> 00:03:33,760 Sorry. 38 00:03:33,770 --> 00:03:44,230 So I can just press enter and go right ahead and I want this to have identity a role which is going 39 00:03:44,230 --> 00:03:48,780 to require another inclusion so control but once again press enter. 40 00:03:48,790 --> 00:03:55,430 So as you go along you can just go ahead and include all of those libraries that need to be installed. 41 00:03:55,600 --> 00:04:00,130 And this is just a part of the initialization. 42 00:04:00,790 --> 00:04:07,510 So you can just go ahead and type along with me rule store identity rule. 43 00:04:07,660 --> 00:04:19,910 Once again and all of this within the context of context so essentially we are initializing a road monitor 44 00:04:20,690 --> 00:04:30,440 and we're passing in the identity rule and we it's we're initializing a constructor plus in rows store 45 00:04:30,440 --> 00:04:37,430 with identity rule and the value of context here plus in the database that this rule manager should 46 00:04:37,940 --> 00:04:43,870 be initialized within the context of how we do something similar for our user monitor. 47 00:04:43,880 --> 00:04:48,380 So those duplicate that line and just change some of the words. 48 00:04:48,380 --> 00:04:50,570 So this will be user manager. 49 00:04:50,570 --> 00:04:53,450 This is no user manager. 50 00:04:54,080 --> 00:04:59,900 So ultimately has this a similar setup this will be application user. 51 00:04:59,900 --> 00:05:02,870 And this would be user store. 52 00:05:02,870 --> 00:05:11,540 And once again application user and context to me is the saying no we actually need to put it into action. 53 00:05:11,540 --> 00:05:17,500 So what I'm able to do is write an if statement to say that if a rule already exists. 54 00:05:17,600 --> 00:05:22,330 If I rule does not exist then create it. 55 00:05:22,670 --> 00:05:27,460 And well obviously it wouldn't create it if it's already exists. 56 00:05:27,460 --> 00:05:31,200 So I'm actually going to create an admin user initially. 57 00:05:31,430 --> 00:05:44,380 So if and when to say not and the role manager allows me to actually to find or run certain rules specific 58 00:05:44,390 --> 00:05:48,770 operations so I can see rule exists. 59 00:05:48,770 --> 00:05:54,450 And this function will actually go into the rules database and the real stable. 60 00:05:54,560 --> 00:05:54,910 Sorry. 61 00:05:54,920 --> 00:05:59,720 And check if a rule exists by this name. 62 00:05:59,750 --> 00:06:07,100 So clear rule manager we'll see if there is a rule that exists with the name admin. 63 00:06:07,130 --> 00:06:07,570 All right. 64 00:06:07,730 --> 00:06:14,760 But in this case I'm thinking if not I want to see if there is no rule admin then do this. 65 00:06:14,840 --> 00:06:19,110 And what I want to do is create the first rule. 66 00:06:19,190 --> 00:06:29,450 So I'm just going to initialize something of type identity rule and then I'm one to give this role object 67 00:06:29,910 --> 00:06:30,620 a name. 68 00:06:30,620 --> 00:06:33,990 So the idea would be implied once it goes into the database. 69 00:06:34,130 --> 00:06:40,760 But once you give it the name and the name I'm going to give it is admin and then I'm just going to 70 00:06:40,760 --> 00:06:52,810 say room manager go ahead and create this rule so road manager once again has some rural specific operations 71 00:06:53,140 --> 00:06:59,270 that help us to manipulate the rules stables so we don't have to do much work in getting data in and 72 00:06:59,290 --> 00:07:00,880 all of this table. 73 00:07:00,970 --> 00:07:07,270 As with regular table swans it's no use or our rules table as it would have been generated then. 74 00:07:08,230 --> 00:07:14,770 We have certain operations given to us by the framework that helps us to manipulate these tables so 75 00:07:15,100 --> 00:07:17,090 that I have the role. 76 00:07:17,170 --> 00:07:28,410 I'm actually just going to create a user off but application user and I'll do my object initialization 77 00:07:28,470 --> 00:07:32,070 which would then see user name so you could have done that. 78 00:07:32,070 --> 00:07:32,870 Here you go. 79 00:07:32,880 --> 00:07:37,470 Just then the curly braces here and then this field in name equals admin. 80 00:07:37,510 --> 00:07:43,860 So I'm just doing it both ways just in case here in you to see sharp and you want to see how or P works 81 00:07:43,890 --> 00:07:52,340 there certain ways to get there on this so I'll give this user name let's give it admin keep it simple 82 00:07:52,890 --> 00:08:04,580 and the email sorry since to be mean at the bases and then GS to the management for sure com. 83 00:08:04,610 --> 00:08:05,060 All right. 84 00:08:05,640 --> 00:08:10,360 And then what we won't be able to do is actually just set the password directly here. 85 00:08:10,390 --> 00:08:21,510 Lisa I don't want to because I would want to actually see the bar password is equal to and I'll just 86 00:08:21,510 --> 00:08:24,250 say password just to keep it simple. 87 00:08:24,300 --> 00:08:29,790 What do we call that our database is actually going to or at least our functions are actually going 88 00:08:29,790 --> 00:08:34,900 to encrypt this password before it actually gets stored in the database. 89 00:08:34,920 --> 00:08:38,610 So password is equal to this simple word. 90 00:08:38,610 --> 00:08:45,030 I just I'm just doing this so I can actually remember but this is a verified practice going forward. 91 00:08:45,300 --> 00:08:49,130 So then I'll save R Us Ah. 92 00:08:49,590 --> 00:08:56,010 I'm just I'm just creating variables here is equal to and then here's where user manager comes in because 93 00:08:56,130 --> 00:08:58,580 all we want to actually create are users. 94 00:08:58,590 --> 00:09:09,060 So we call on our user manager object and then we see creates we know we can and then we're passing 95 00:09:09,060 --> 00:09:14,820 in and if you look at the function overloads you see or you can create a user with no password. 96 00:09:14,850 --> 00:09:15,370 All right. 97 00:09:15,660 --> 00:09:23,280 You just class in the object of application user or you can actually create a pass or user with a password 98 00:09:23,700 --> 00:09:30,840 and you pass in the user object or the application User object and whatever the password is in string 99 00:09:30,840 --> 00:09:31,230 form. 100 00:09:31,620 --> 00:09:37,050 So this function would actually handle that encryption and insertion into the database. 101 00:09:37,380 --> 00:09:41,530 So this boss in our user object as well. 102 00:09:41,690 --> 00:09:48,820 Or password and then just add a cursory check here to see if or creation. 103 00:09:48,840 --> 00:09:56,760 So anytime you actually create carry out an entity framework action or function usually this function 104 00:09:56,760 --> 00:09:58,830 will return some value. 105 00:09:58,980 --> 00:10:05,940 So the so the so the user objects here are us our objects here will actually have a value so we can 106 00:10:05,940 --> 00:10:09,210 see us are not succeeded. 107 00:10:09,210 --> 00:10:09,510 All right. 108 00:10:09,510 --> 00:10:16,440 So it will return a boolean if it was successful it also returns a list of arrows. 109 00:10:16,470 --> 00:10:22,560 So yes if this is false then you will get a list of errors if this is true then obviously whatever you 110 00:10:22,560 --> 00:10:23,160 try at work. 111 00:10:23,220 --> 00:10:35,770 So if this operation was successful then we can see var results is equal to or use manager. 112 00:10:35,820 --> 00:10:41,290 Once again we want to add a rule. 113 00:10:41,370 --> 00:10:53,500 And after I finish writing this I'll experience user dot I'd be and the rule which is me or let me start 114 00:10:53,500 --> 00:10:54,070 from the top. 115 00:10:54,610 --> 00:11:02,100 So we check firstly if there is a rule called admin in our rules tables. 116 00:11:02,110 --> 00:11:02,400 All right. 117 00:11:02,410 --> 00:11:08,740 So rule manager act is our leads on with our royal stables our DC Does the rule exists. 118 00:11:08,770 --> 00:11:09,740 Yes or no. 119 00:11:09,850 --> 00:11:10,280 No. 120 00:11:10,300 --> 00:11:11,870 If it does not. 121 00:11:11,980 --> 00:11:13,120 Which it wouldn't. 122 00:11:13,120 --> 00:11:19,560 At this stage then we want to firstly create a rule object and then fill it in with the data. 123 00:11:19,570 --> 00:11:25,990 And in this case we want to give it the name admin and then we go ahead and create the rule. 124 00:11:26,020 --> 00:11:28,180 So the rule needs to exist. 125 00:11:28,180 --> 00:11:37,010 Then we go ahead and create an admin user and then we use that admin user password and then we say creates 126 00:11:37,010 --> 00:11:39,260 this user with that password. 127 00:11:39,260 --> 00:11:45,410 So now we would have an admin rule and we have a user called admin. 128 00:11:45,410 --> 00:11:50,590 What we don't have is an association between our user and the rule. 129 00:11:50,660 --> 00:11:56,650 So that is where this line comes in where it is if the user was successfully created. 130 00:11:56,810 --> 00:11:57,070 Right. 131 00:11:57,110 --> 00:12:02,170 And if it got this far then the rule would be successfully created. 132 00:12:02,540 --> 00:12:10,280 If the rules created and the user was created then we want to see if it was successfully created then 133 00:12:10,280 --> 00:12:14,810 we want to add a rule this user. 134 00:12:14,810 --> 00:12:16,570 And that rule. 135 00:12:16,610 --> 00:12:23,220 In other words no we want to create an association between this user idea whatever user I.D. and all 136 00:12:23,220 --> 00:12:24,380 the science of this object. 137 00:12:24,380 --> 00:12:31,680 Because once it's different more for us this operation this object is basically updated with the idea 138 00:12:31,690 --> 00:12:36,890 coming from the database and we have the admin rule. 139 00:12:37,160 --> 00:12:43,800 So this function will actually handle finding all the two ideas and associating them. 140 00:12:43,820 --> 00:12:49,400 Now I think all of this is very important for the admin because admin users are a dime a dozen. 141 00:12:49,430 --> 00:12:52,450 Usually you have one to very few admin users. 142 00:12:52,460 --> 00:12:55,420 You don't go on creating admin users. 143 00:12:55,430 --> 00:13:03,410 However for the principal or the supervisor and the teachers it's not that serious. 144 00:13:03,650 --> 00:13:09,330 So what we can do is simply check if those rules exist. 145 00:13:09,330 --> 00:13:19,290 So I'm just going to see if that's room manager DOT's role exists and this time when to search for the 146 00:13:19,330 --> 00:13:20,540 school teacher. 147 00:13:20,560 --> 00:13:29,060 So if there is no teacher rule then I'm just going to copy this code here and then I'm going to just 148 00:13:29,060 --> 00:13:33,220 paste it there and I'm going to change zero name to teacher. 149 00:13:33,290 --> 00:13:34,160 And there we have it. 150 00:13:34,160 --> 00:13:41,260 So once again on the first run as of writing this code none of these rules exist. 151 00:13:41,300 --> 00:13:46,220 So this will run and create admin and admin user. 152 00:13:46,220 --> 00:13:53,710 This will run and create a teacher rule and I'm just going to put in one more for a supervisor which 153 00:13:53,710 --> 00:13:54,910 is very similar to that. 154 00:13:54,920 --> 00:14:00,200 Again super advisor and supervisor. 155 00:14:00,670 --> 00:14:01,080 All right. 156 00:14:01,240 --> 00:14:06,700 And I'm just going to control a shift and b to build and just ensure I have no errors. 157 00:14:06,700 --> 00:14:06,930 All right. 158 00:14:06,950 --> 00:14:13,790 So we have no errors and know that we've created all of this what we need to do is actually call our 159 00:14:13,790 --> 00:14:21,350 function in our configuration function which runs as soon as the application starts. 160 00:14:21,740 --> 00:14:23,790 So I'm just going to call this function. 161 00:14:23,810 --> 00:14:33,150 I can just copy and paste it this it there and then we can execute and watch that our rules get created. 162 00:14:33,590 --> 00:14:36,760 Okay so we got an error here. 163 00:14:37,100 --> 00:14:43,640 If you are following up to this point in all of the lectures remember that we modified our application 164 00:14:43,640 --> 00:14:49,280 user objects to actually have had dates of birth all right. 165 00:14:49,790 --> 00:15:00,710 So as a result when we're creating this user in our startup sorry it is saying that we have an invalid 166 00:15:00,860 --> 00:15:04,760 beads dates time results. 167 00:15:05,180 --> 00:15:06,730 So we need to fix that. 168 00:15:06,730 --> 00:15:08,870 So I'm just going to stop this real quickly. 169 00:15:08,930 --> 00:15:16,880 And then what we need to do is actually add dates of birth here birth dates equals and other C beads 170 00:15:17,310 --> 00:15:26,320 time gotten all to require me to do a fund that's using the system and then we can try this again. 171 00:15:26,330 --> 00:15:26,620 OK. 172 00:15:26,630 --> 00:15:33,230 So we see that our application came up successfully but I'm not quite interested in what's going on 173 00:15:33,230 --> 00:15:33,490 here. 174 00:15:33,500 --> 00:15:39,350 But quickly out of strand log in as the admin user which should have been created when this was started 175 00:15:39,350 --> 00:15:40,300 up we'll go. 176 00:15:40,310 --> 00:15:44,180 So we're not entirely interested in what is on this screen. 177 00:15:44,180 --> 00:15:50,510 However we want to check our database to see that our rules were created. 178 00:15:50,510 --> 00:15:59,120 So let's go over to survey X for having stopped the debug mode and say so too will data and we want 179 00:15:59,120 --> 00:16:02,560 to see that or three year olds have been created. 180 00:16:03,080 --> 00:16:04,970 And so sad so done. 181 00:16:04,970 --> 00:16:13,190 So we have our three rules admin supervisor teacher and the respective I.D. And if I go to its been 182 00:16:13,190 --> 00:16:20,930 its users and we should see or admin user OK I'm not seeing the in user going to have to check that 183 00:16:21,040 --> 00:16:21,750 out. 184 00:16:21,860 --> 00:16:26,390 I'm not entirely sure why we can get back to that. 185 00:16:26,390 --> 00:16:33,610 So if admin user was not successfully created then that means that association was not going to be there 186 00:16:33,610 --> 00:16:36,750 which would be found in user rules. 187 00:16:36,940 --> 00:16:37,360 Right. 188 00:16:37,390 --> 00:16:39,040 So there is no association. 189 00:16:39,040 --> 00:16:47,670 So at least we have three rules admin supervisor a teacher and we have at least we have two users here. 190 00:16:47,710 --> 00:16:48,190 No. 191 00:16:48,220 --> 00:16:56,380 The thing is if we wanted to associate them at least manually then we just need our user I.D. phone 192 00:16:57,190 --> 00:17:04,030 here in this forum and we just need a real I.D. found in this photo and we could just put them side 193 00:17:04,030 --> 00:17:05,860 by side here manually. 194 00:17:06,250 --> 00:17:13,630 And then we would have an admin user versus a teacher versus if that if that user I.D. appears twice 195 00:17:13,630 --> 00:17:20,870 with two different roles then that user has those rules that have been assigned. 196 00:17:20,890 --> 00:17:27,690 So let's just debug what happened why our admin user was not created. 197 00:17:28,090 --> 00:17:34,990 And I have a strong suspicion if has to do with using a weak password when I want to tweet this quote 198 00:17:34,990 --> 00:17:44,560 a bit and I'm actually just going to tweet this bit here and I'm going to run it before that if statements 199 00:17:44,680 --> 00:17:52,300 just so I can debug what is happening some distance since I debug point here because it seems that parents 200 00:17:52,310 --> 00:18:00,930 of the object successfully and I'm just going to go ahead and press run and see what happens. 201 00:18:00,930 --> 00:18:01,190 All right. 202 00:18:01,210 --> 00:18:08,590 So mid starts up we fix our breakpoint if we look in our user object we see that we have a Roku admin 203 00:18:08,950 --> 00:18:15,420 and the ideas are there and then I can step through using a filter. 204 00:18:15,750 --> 00:18:22,930 We go line by line so I have a password and then we have our function here which would actually create 205 00:18:22,990 --> 00:18:25,120 this user and password. 206 00:18:25,630 --> 00:18:35,710 So I press for them then it will go to the if statements which will then see user creation is successful. 207 00:18:36,460 --> 00:18:37,560 Okay. 208 00:18:38,230 --> 00:18:47,500 So if I press for that again then it should go into the if statement and proceed to associate the user 209 00:18:47,500 --> 00:18:51,120 I.D. for that admin user with the roll. 210 00:18:51,430 --> 00:19:00,120 So I'm not entirely sure why it did not work while it was a part of that statement or its our application 211 00:19:00,120 --> 00:19:04,630 is up this time but I'm just going to stop because I'm not really interested in the application at this 212 00:19:04,630 --> 00:19:05,360 moment. 213 00:19:05,680 --> 00:19:15,540 And I'm going to go to my database and users and see if my eyes deceived me or not. 214 00:19:15,730 --> 00:19:17,500 And there we go. 215 00:19:17,500 --> 00:19:21,160 So our user has been created successfully. 216 00:19:21,520 --> 00:19:28,030 So that means I should be able to log in with this admin user and if we look in user rules and we just 217 00:19:28,030 --> 00:19:29,350 need to refresh. 218 00:19:29,500 --> 00:19:34,540 I already did it but if you're not seeing can industry first query and you'll see that you have that 219 00:19:34,540 --> 00:19:36,850 association user I.D. rule. 220 00:19:37,240 --> 00:19:45,910 I'm not entirely sure why the code didn't run while it was in your statements but the fact is we really 221 00:19:45,910 --> 00:19:52,990 don't want to run again which is why we would have put it inside if statement only happen if there is 222 00:19:52,990 --> 00:19:53,930 no mineral. 223 00:19:54,340 --> 00:20:00,300 So this kind of code you could actually put into an application you're deploying it for the first time. 224 00:20:00,670 --> 00:20:07,150 And these are presets they can put any preset you wish you can create a function create your presets 225 00:20:07,150 --> 00:20:13,170 and just call the function inside this configuration function in the start of class. 226 00:20:13,540 --> 00:20:19,450 Know that we have successfully created some rules and created at least one user in the rule what we 227 00:20:19,450 --> 00:20:27,490 want to do is and this is very very very introductory not best practice that's all but for the sake 228 00:20:27,520 --> 00:20:29,160 of example I do it this way. 229 00:20:29,560 --> 00:20:37,090 What we want to do is actually modify our registration process to include rules. 230 00:20:37,120 --> 00:20:44,160 The first thing I want to do is go to my models and modify the identity model. 231 00:20:44,290 --> 00:20:53,070 So the first thing I want to do is go over to models and modify my account view model and find the or 232 00:20:53,080 --> 00:21:02,580 this model and I want to add here property to accommodate rules all right. 233 00:21:02,980 --> 00:21:10,290 So I'm just going to create another required field you the display name. 234 00:21:10,300 --> 00:21:11,740 User rules. 235 00:21:12,110 --> 00:21:21,760 And this is going to be a string and I want to call it user or you'd also notes that in our database 236 00:21:21,760 --> 00:21:27,020 the e-mail and the user name would get the same thing. 237 00:21:27,070 --> 00:21:32,630 In this case they don't have the same thing what forever previously created one they have the same values. 238 00:21:32,640 --> 00:21:38,770 So what I'm want to do is include user name as a property. 239 00:21:38,980 --> 00:21:44,500 When registering and make sure that we use it user name separately. 240 00:21:44,660 --> 00:21:52,520 I'm just going to put user name and this property user name. 241 00:21:52,670 --> 00:21:53,340 Thanks though. 242 00:21:53,360 --> 00:22:02,060 We want to initialize our combo box for the view for distribution so I'm just going to go into my columns 243 00:22:02,330 --> 00:22:13,120 on trawler and what will be happening in this controller is I want to run our query against my rules 244 00:22:13,120 --> 00:22:20,820 table to see all of the rules in the table and present them as options for distribution. 245 00:22:21,200 --> 00:22:29,110 So the first thing I want to do is actually create a property for application to be 16. 246 00:22:29,110 --> 00:22:33,740 Those remember that just so we will be releasing with our database. 247 00:22:34,040 --> 00:22:39,630 And I'm just going to initialize its having done that. 248 00:22:39,670 --> 00:22:48,220 We want to make sure that when the person user for our site goes through register and we render the 249 00:22:48,220 --> 00:22:54,970 view we're actually rendering the list are combo box with all of their options. 250 00:22:55,000 --> 00:23:01,420 So we just simply call view bug thoughts rules and there are many ways to do this I'm just going to 251 00:23:01,420 --> 00:23:05,790 do it as a view above and call if I select this. 252 00:23:06,430 --> 00:23:12,800 And this would actually go in handy later when we start looking at how we associate files and how would 253 00:23:13,020 --> 00:23:14,410 we have dropped phones. 254 00:23:14,560 --> 00:23:23,200 But in this situation a select list Firstly it takes the data source which would be context about rules 255 00:23:23,410 --> 00:23:32,320 which would do us all rules but best practice would have us create the admin users outside of the box 256 00:23:32,890 --> 00:23:38,740 not a lower user to treat or register and register as I'd been. 257 00:23:38,800 --> 00:23:44,000 So while I'm white I'm not doing it as a best practice by allowing the user to choose their rule. 258 00:23:44,200 --> 00:23:49,970 We can still explore why certain things are just a bad idea also. 259 00:23:50,080 --> 00:23:59,650 So in this situation I would modify my data source and exclude the admin rules so I thought on teens. 260 00:23:59,900 --> 00:24:09,220 So you can see where the name does not come to an app and then that would see exclude to and then we 261 00:24:09,220 --> 00:24:14,270 can just put it to list make those easier. 262 00:24:14,410 --> 00:24:19,780 And there we would have satisfied the very first constructor always see that there are nine of them 263 00:24:19,780 --> 00:24:26,890 and we are able to employ one of the nine that is not this not with a select list you can actually see 264 00:24:27,010 --> 00:24:30,100 when it is selected what value you want. 265 00:24:30,100 --> 00:24:37,810 So I want the value name not the I.T. and also what should be displayed. 266 00:24:37,990 --> 00:24:42,780 And I also want the name to be displayed. 267 00:24:42,880 --> 00:24:50,800 So if you have a word with a combo box and HMO then you know that you always specify the value and you 268 00:24:50,800 --> 00:24:53,410 specify the text to be displayed. 269 00:24:53,410 --> 00:24:59,680 So this is essentially all we're doing is we're looking at this list of objects of type role and we 270 00:24:59,680 --> 00:25:05,170 know that any variable or any object rather of type role has been to name and I.D.. 271 00:25:05,530 --> 00:25:13,170 So we're saying we want the name to be the value and we want name to be the displayed value. 272 00:25:13,250 --> 00:25:18,400 Also right now we're doing all of that before we return the view. 273 00:25:18,460 --> 00:25:26,440 Now in the view of this right click this and see Google to view what we want to do is include another 274 00:25:26,710 --> 00:25:31,080 form group section for our newly created combo box. 275 00:25:31,080 --> 00:25:37,810 So in a sense you copy and paste that form group and this would be a label for and we can change that 276 00:25:37,810 --> 00:25:46,150 from confirming passwords to we use a rule for and we also have one for user name. 277 00:25:46,150 --> 00:25:52,720 So just do this twice and probably put user name above e-mail. 278 00:25:52,740 --> 00:25:53,110 All right. 279 00:25:53,130 --> 00:25:54,300 Well let's do one at a time. 280 00:25:54,330 --> 00:25:59,940 So let's do user name and we will see if that value. 281 00:25:59,970 --> 00:26:08,430 So and this would also be a text box for as opposed to a password for a text box for her username. 282 00:26:08,430 --> 00:26:08,810 All right. 283 00:26:09,210 --> 00:26:19,770 And then likewise on here we actually would choose this the user rule for the label but we want our 284 00:26:19,810 --> 00:26:24,790 H2 helper for draw up and down the list. 285 00:26:24,790 --> 00:26:31,890 So it's a drop on the list and then we select our property user rule. 286 00:26:31,900 --> 00:26:41,970 Put that in quotation marks and then we see that we want to use the select list and we are using in 287 00:26:41,970 --> 00:26:44,770 view by its rules. 288 00:26:45,040 --> 00:26:51,300 So we are implicitly converting whatever values instead of view bug URLs into a select list. 289 00:26:51,310 --> 00:26:57,940 And do remember that that is what we set over here a view by the rules is a new select list. 290 00:26:57,940 --> 00:27:05,710 So this implicit conversion should not feel considering that we already put in a select list there and 291 00:27:05,710 --> 00:27:14,900 then we just have one more empty prior window and then that should take care of our distribution page. 292 00:27:15,030 --> 00:27:20,640 And so we've modified the get or disappeared and the actual HMO. 293 00:27:20,650 --> 00:27:24,340 Now we need to modify what happens when we post back. 294 00:27:24,370 --> 00:27:30,190 So when a user actually comes in to be registered there are certain tweaks that need to occur here. 295 00:27:30,330 --> 00:27:37,850 Well firstly we no need to modify our user name object to know that it is no longer taking e-mail what 296 00:27:37,890 --> 00:27:40,960 it is all taking using it because we added that. 297 00:27:41,080 --> 00:27:49,720 And then the next thing we want to do is what's going on is seeing function to see this that's user 298 00:27:49,720 --> 00:27:53,300 manager dot add to rule. 299 00:27:53,320 --> 00:27:59,590 So now we're actually going to associate this user with a rule and we would remember from the previous 300 00:27:59,590 --> 00:28:09,820 activity that what we want is our user I.D. So user but I.D. and our rule by name which we would get 301 00:28:09,820 --> 00:28:13,550 through model dot user rule. 302 00:28:13,550 --> 00:28:13,860 All right. 303 00:28:14,320 --> 00:28:17,800 So have a little fun here. 304 00:28:17,860 --> 00:28:18,760 Oh I'm sorry. 305 00:28:19,480 --> 00:28:24,200 I'm using a waits here so whatever I'm using it has to be a sync. 306 00:28:24,580 --> 00:28:26,970 So wait a seen. 307 00:28:27,160 --> 00:28:27,940 And there you go. 308 00:28:28,030 --> 00:28:35,590 So each user manager and we are passing the user I.D. because the user would have been created from 309 00:28:35,860 --> 00:28:37,680 this function call. 310 00:28:37,900 --> 00:28:42,950 And if it was successful then we would automatically sign in. 311 00:28:43,120 --> 00:28:49,450 And I mean you could always treat this you could always move this signing function after the creation 312 00:28:49,480 --> 00:28:57,390 and the Association of the user with the role and then you could rewrote to the page. 313 00:28:57,430 --> 00:29:07,480 And similarly if we have to render an error then what we would want to do is reload or select this because 314 00:29:07,480 --> 00:29:13,810 when the page reloads with our arrows we add ons an empty combo box for the user to have to sit down 315 00:29:13,810 --> 00:29:16,390 and figure out how do I get something back. 316 00:29:16,390 --> 00:29:24,520 So we want to reload our view bug with this list such that when it returns this view it knows exactly 317 00:29:24,670 --> 00:29:26,920 what data needs to go back in. 318 00:29:27,220 --> 00:29:33,380 And so we can test this and ensure that our application works just fine. 319 00:29:33,380 --> 00:29:40,080 No our application is up let's try and register a brand new user and see what the experience is like. 320 00:29:40,090 --> 00:29:40,540 All right. 321 00:29:40,540 --> 00:29:48,250 So now we see that we have user name and we have user roll with a dropdown stuff for seafood makes good 322 00:29:48,370 --> 00:29:54,760 style this way using Bootstrap to make it look like I've dropped on that fits in with others. 323 00:29:54,760 --> 00:29:56,830 But let's go ahead right now. 324 00:29:56,860 --> 00:30:03,780 Some would just say test teacher or let's say teacher Y and the e mail address and the C I said e-mail 325 00:30:03,780 --> 00:30:04,140 this. 326 00:30:04,140 --> 00:30:04,810 That's user name. 327 00:30:04,820 --> 00:30:07,180 So we need to modify our model. 328 00:30:07,180 --> 00:30:09,550 So you take all of that slash user name. 329 00:30:09,600 --> 00:30:09,970 All right. 330 00:30:10,000 --> 00:30:14,450 So e-mail address would be teacher at school. 331 00:30:14,500 --> 00:30:15,700 Date of birth. 332 00:30:15,750 --> 00:30:17,540 Just deal with that that password. 333 00:30:17,540 --> 00:30:22,990 I'll use this in Professor again and then user will you notice that this is a blank over when I click 334 00:30:22,990 --> 00:30:31,330 you'll see that it actually has values excluding admin based on the query that we wrote to fill this 335 00:30:31,330 --> 00:30:32,870 combo box. 336 00:30:32,920 --> 00:30:40,570 The reason there is a blank space here is that in our code we did have a blank space in our each demo 337 00:30:40,840 --> 00:30:42,650 in the form of this. 338 00:30:42,700 --> 00:30:42,990 All right. 339 00:30:43,000 --> 00:30:47,360 So that's what that would give us a blank space as a first on default. 340 00:30:47,620 --> 00:30:54,500 So we can go back and these our decision by selecting our role as a teacher and then at the register. 341 00:30:54,550 --> 00:30:55,310 And there we go. 342 00:30:55,310 --> 00:31:02,590 So I'm just going to say but using the or combination for a teacher 1 and if I click manage or click 343 00:31:02,650 --> 00:31:09,880 on the user name you see that you actually have some auto generated functions for the user here. 344 00:31:09,940 --> 00:31:16,930 I won't get into that to be but we can definitely tell that our teacher has been created and I'm just 345 00:31:16,930 --> 00:31:24,580 going to come also people more quickly and we people with the database and see what role this teacher 346 00:31:24,610 --> 00:31:25,630 has been assigned. 347 00:31:25,630 --> 00:31:33,360 So if I refresh the user's table then you'll see teacher coming up so we have a teacher at school come 348 00:31:33,430 --> 00:31:39,010 with the email and we see that the card user name is coming across based on the changes that we have 349 00:31:39,010 --> 00:31:39,700 made. 350 00:31:39,790 --> 00:31:44,890 And if I go to the user and rules that we should see a second rule here. 351 00:31:44,890 --> 00:31:50,580 Coming up with the teacher's I.D. and the teachers are all I.T. and there we go. 352 00:31:50,590 --> 00:31:57,700 So we have the teachers I.D. And we have the teacher rule I.D. and that is essentially how you go about 353 00:31:57,820 --> 00:31:59,800 creating rules. 354 00:31:59,810 --> 00:32:07,690 Now the last thing I want to cover in this video is how you can go about authorizing a controller based 355 00:32:07,810 --> 00:32:09,290 on the rule. 356 00:32:09,340 --> 00:32:16,100 So we have discussed using author as to say that you are unable to access certain things control or 357 00:32:16,110 --> 00:32:21,150 are the entire controller if you are not logged in. 358 00:32:21,450 --> 00:32:26,140 Know what we want to do is see if you're not logged in on a particular rule. 359 00:32:26,470 --> 00:32:33,030 Then you are restricted from accessing these things. 360 00:32:33,090 --> 00:32:39,220 Now let's say for instance we already have admin who already have teacher teachers usually are the ones 361 00:32:39,220 --> 00:32:42,130 who should be looking at the students and their details. 362 00:32:42,130 --> 00:32:49,710 The admin might be the I.T. guy so admin might not necessarily be able to access all of this and that 363 00:32:49,720 --> 00:32:54,730 that may be a far fetched scenario offensive that admin should be able to do of but just humor me for 364 00:32:54,730 --> 00:33:01,870 this scenario and let's just see that anything inside of the students bunch Schroeder should only be 365 00:33:02,080 --> 00:33:07,170 accessible to people who are in the teacher role. 366 00:33:07,360 --> 00:33:13,720 So on the authorize attributes that is already here on our students controller I'm just going to put 367 00:33:14,040 --> 00:33:21,420 an open and close parentheses and then I'm going to see rules and then you see the intent of census 368 00:33:21,420 --> 00:33:29,650 seeing rows equal and then what's is expecting is a string with the rules that should be able to access 369 00:33:29,820 --> 00:33:37,450 though you can actually have multiple rules here so you can see a teacher comma admin comma as many 370 00:33:37,540 --> 00:33:38,540 as you need. 371 00:33:38,590 --> 00:33:43,370 All right in this case because we only have two users in either. 372 00:33:43,570 --> 00:33:48,560 I'm just going to demonstrate with teacher versus admin so let's go through this again. 373 00:33:48,580 --> 00:33:54,760 A teacher is authorized to access everything instead of this students control. 374 00:33:54,790 --> 00:34:01,060 We already load anonymous on index so that means an admin are not logged in person should be able to 375 00:34:01,060 --> 00:34:02,290 access index. 376 00:34:02,290 --> 00:34:09,640 However if anybody who is not in the teacher role logged in or otherwise attempts to go to details or 377 00:34:09,640 --> 00:34:16,330 create or anything else inside this bunch folder then they should feel no let us test them know that 378 00:34:16,330 --> 00:34:18,310 the application is OK. 379 00:34:18,370 --> 00:34:26,230 I have realized that there is a bug where if you are in debug mode and you're already logged in. 380 00:34:26,230 --> 00:34:33,550 Then when you try to do this operation it will prompt you to log in as though the author as attributes 381 00:34:33,610 --> 00:34:34,500 is not working. 382 00:34:34,510 --> 00:34:40,780 So to make sure that you get the most out of this this I recommend that you log off and you trying to 383 00:34:40,780 --> 00:34:46,480 log in again so I logged off and log in and just show you some changes that I made to the logging process 384 00:34:46,480 --> 00:34:51,110 where I changed the log in from email to username. 385 00:34:51,190 --> 00:34:58,990 Usually we ask people to log in with username and password and in the same vein in the code I actually 386 00:34:58,990 --> 00:35:00,700 updated the sign in managers. 387 00:35:00,730 --> 00:35:07,880 So this is in a column controller and this is a post logging phone function change signing the Monitor 388 00:35:07,880 --> 00:35:16,360 that password signing async to be module dots user name so I updated the log and model of user name 389 00:35:16,450 --> 00:35:23,910 instead of e-mail and the signing function actually takes the user name and password. 390 00:35:23,940 --> 00:35:31,120 So because we're using email as the user name up until know because we added user name as a field in 391 00:35:31,120 --> 00:35:36,370 our registration process we want to make sure that we're sending and with user name and password which 392 00:35:36,370 --> 00:35:39,280 means that all the two users would need to be updated. 393 00:35:39,360 --> 00:35:40,320 User names. 394 00:35:40,340 --> 00:35:45,250 That's not the email address any of those are some changes that I've made so you can go ahead and make 395 00:35:45,250 --> 00:35:46,390 those changes. 396 00:35:46,550 --> 00:35:52,420 But as it relates to also logging in this logging quickly as a teacher and then demonstrate that the 397 00:35:52,420 --> 00:36:00,260 teacher can go to all students which allows anonymous but can also go ahead and go to its details delete 398 00:36:00,380 --> 00:36:05,890 or creates and I'm just middle clicking to open these open new tubs so I can show you that each page 399 00:36:05,890 --> 00:36:12,550 loads as we would expect since this person is in the cart to roll. 400 00:36:12,670 --> 00:36:21,230 No what I'm want to do is sign up teacher and then log in as the admin user and no girls to students. 401 00:36:21,280 --> 00:36:22,440 Which will allow me. 402 00:36:22,510 --> 00:36:29,830 But then when I click on Create new it will prompt me to log in because my admin rule is not allowed 403 00:36:29,830 --> 00:36:32,140 to access this page. 404 00:36:32,290 --> 00:36:39,100 And so the person is love in what they're being prompted to log in again because they're not authorized. 405 00:36:39,250 --> 00:36:46,120 So that is essentially how you can global using rules to control access to different parts of your application 406 00:36:46,660 --> 00:36:53,680 and how you go boating in installing rules and customizing them to your purpose. 407 00:36:53,680 --> 00:36:58,930 All of this is extensible because different people have different requirements but this is pretty much 408 00:36:58,930 --> 00:37:07,050 although the box with minimal code you can leverage Microsoft's existing rules management system. 409 00:37:07,060 --> 00:37:09,650 Thanks for watching and see you next time.