WEBVTT

1
00:00:01.719 --> 00:00:07.380
Yeah, but with that, that's looking good, hopefully that should do the trick.

2
00:00:07.660 --> 00:00:16.700
Now, to test it, I'll delete this database file to clear it, and I'll restart the server

3
00:00:16.700 --> 00:00:23.640
to reinitialize the database with npm run dev and then we can give this a try.

4
00:00:25.160 --> 00:00:31.500
Now, first of all, we need to create a new user since I deleted the database, so I'll resend

5
00:00:31.500 --> 00:00:39.220
that POST signup request here with my dummy user data like this.

6
00:00:39.600 --> 00:00:46.020
Now I get back a token here as well, which I can use, and then we can get events.

7
00:00:46.640 --> 00:00:52.840
That doesn't yield anything, of course, so we can post a new event with the same data

8
00:00:52.840 --> 00:00:59.800
as before, it doesn't matter, but with a different token, so I will replace that token value

9
00:00:59.800 --> 00:01:11.520
here with my new token, send this, and it's stored, and now create a second user with test2

10
00:01:11.520 --> 00:01:18.500
at example.com as an email address so that I get a different token for a different user,

11
00:01:19.040 --> 00:01:25.220
it might look similar, but it's a different token, and with that I'll now try to edit this event,

12
00:01:25.460 --> 00:01:31.280
so this event with the id 1 which I just created. I'll use that token of that second user here,

13
00:01:32.920 --> 00:01:38.540
and even though that's a valid token and therefore the user will be authenticated, it should

14
00:01:38.540 --> 00:01:44.260
not be authorized to edit this event because the event was created by a different user.

15
00:01:46.520 --> 00:01:50.200
So indeed I get this error: forbidden, you are not allowed to edit.

16
00:01:50.500 --> 00:01:55.820
The same should happen if I try to delete it. If I try to delete the event with id 1

17
00:01:57.000 --> 00:01:59.400
with that token, it does not work.

18
00:02:00.800 --> 00:02:09.800
If I now log in with my main user, who created the event, and I get the token of that user

19
00:02:11.240 --> 00:02:18.700
and I now try to edit it, so if I use that token now for this PUT request and I click send,

20
00:02:19.280 --> 00:02:25.940
that works, and if I get all events we should now see the updated event there. Yes, we do.

21
00:02:27.420 --> 00:02:33.620
So that works, and that's authorization added to this app, making sure that only the user

22
00:02:33.760 --> 00:02:36.100
who created an event can manipulate it.

