Assignment 7

For this assignment, scaffold a new Laravel application called "assignment-7". Copy over the code for the Albums pages (Albums, New Album, Edit Album) either from Assignment 4 (which uses Eloquent) or from the class demo (which uses the Query Builder). You will be adding authorization to these pages using either Gates or Policies. If you copied over the Albums pages from Assignment 4 (which uses Eloquent), then your authorization logic can leverage Policies. If you copied over the Albums pages from the class demo (which uses the Query Builder), then your authorization logic can only leverage Gates. Because we covered both approaches in class, I'll leave it up to you as to which approach you'd like to use in this assignment.

You will also need to set up user roles like we did in this week's demo.

Require Authentication on Albums Pages

Update the Create and Edit Album routes so that only authenticated users can access them. Also, hide the "New Album" link if a user isn't authenticated. You will address controlling the visibility of the "Edit" link later in this assignment.

Tracking Album Creators

Update the albums table with a foreign key column called user_id using a migration. This column should be nullable. This column will be used to keep track of who creates albums.

Create an admin user in your users table with the email admin@usc.edu and password laravel if you don't have one already.

In your database, write a SQL statement to update albums.user_id with the id of the admin user.

Update the New Album page so that albums.user_id is assigned the id of the authenticated user when an album is created.

Update the Albums page to include the name of the user who created the album.

Authorization for Editing Albums

Update the Edit album feature to only allow users to edit the albums that they created. Also, any user with a role of admin should be able to edit any album. Be sure to add authorization logic to the following:

  1. The edit and update methods in the AlbumController.
  2. Hide the "Edit" link in the albums table if a user can't edit an album. That is, the user is neither the creator of the album nor are they an admin.

If a user isn't authorized to edit an album, redirect them to Laravel's default 403 page.
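One way to express the creator-or-admin rule as a Gate, shown here as an added example rather than the course's own code. The gate name `edit-album` and the `$user->role->slug` lookup are assumptions; adapt the role check to however roles were set up in the demo.

```php
<?php
// app/Providers/AppServiceProvider.php
// Added example. Hypothetical names: the 'edit-album' ability and the
// role relation with a 'slug' column.

namespace App\Providers;

use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // $album may be an Eloquent model or a Query Builder stdClass row;
        // both expose user_id as a property, so one gate covers either.
        Gate::define('edit-album', function (User $user, object $album): bool {
            // Admins may edit any album (assumed role lookup).
            if ($user->role?->slug === 'admin') {
                return true;
            }

            // albums.user_id is nullable: an album with no recorded
            // creator is editable by admins only.
            if ($album->user_id === null) {
                return false;
            }

            // Cast both sides, since some database drivers return
            // integer columns as strings and === would then fail.
            return (int) $album->user_id === (int) $user->id;
        });
    }
}
```

Call `Gate::authorize('edit-album', $album)` at the top of both `edit` and `update` so a denied request receives the 403 response, and wrap the "Edit" link in `@can('edit-album', $album)`. Hiding the link only changes what is displayed; the controller check is what enforces the rule when someone requests the edit URL or submits the update form directly.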

GitHub Classroom Submission

https://classroom.github.com/a/i8S2rYo-

Please read the section on Git, GitHub, and GitHub Classroom on the class welcome page if you need to refresh yourself.