1
00:00:00,050 --> 00:00:00,380
All right.

2
00:00:00,410 --> 00:00:05,930
And once we have the test user in place, like I already mentioned in the previous video, we want to

3
00:00:05,930 --> 00:00:10,680
restrict the access and we're going to do it in the following way.

4
00:00:10,700 --> 00:00:18,560
So in the authenticate user middleware, right after we verify the token, I'm going to create a new

5
00:00:18,560 --> 00:00:21,140
variable and I'm going to call this test user.

6
00:00:21,290 --> 00:00:27,320
And essentially I want to grab this user ID, which of course is coming from the token, and I want

7
00:00:27,320 --> 00:00:31,070
to check whether that is equal to my test user ID.

8
00:00:31,550 --> 00:00:35,420
And of course, if it's the case, then the value will be true.

9
00:00:35,450 --> 00:00:37,280
If not, it's going to be false.

10
00:00:37,310 --> 00:00:43,370
Now, regardless, I'm going to add this to my req dot user object, this test user property.

11
00:00:43,370 --> 00:00:49,520
And then right after that, I'm going to set up another middleware where essentially I'll check if it's

12
00:00:49,520 --> 00:00:53,510
a test user, then I'll throw a bad request error.

13
00:00:53,510 --> 00:01:00,660
And effectively I just want to add this middleware to the routes that I want to protect from the test

14
00:01:00,660 --> 00:01:01,070
user.

15
00:01:01,080 --> 00:01:08,460
Again, the main goal of the test user is just to view the application so the person can come into the

16
00:01:08,460 --> 00:01:14,430
application and take a look at how the stats look, the jobs and the rest of the stuff.

17
00:01:14,430 --> 00:01:20,610
But I don't want the user to modify the profile or delete the jobs or even create the job.

18
00:01:20,610 --> 00:01:22,530
So let's start working on that.

19
00:01:22,560 --> 00:01:27,660
We want to navigate to the middleware, to the auth middleware.

20
00:01:27,870 --> 00:01:35,520
And like I said, right after we get back the values from the token, I essentially want to create a

21
00:01:35,520 --> 00:01:36,450
new variable.

22
00:01:36,510 --> 00:01:37,080
And you know what?

23
00:01:37,080 --> 00:01:41,760
As a side note, there's going to be a bad request error, so we might as well import it here.

24
00:01:41,970 --> 00:01:48,960
So at the moment we have these two, but I also want to grab the bad request error and effectively the

25
00:01:48,960 --> 00:01:55,740
variable is going to be test user and I'm going to set it equal to my user ID and now I need to grab

26
00:01:55,740 --> 00:01:58,200
the value of the test user ID.

27
00:01:58,440 --> 00:02:00,990
Now we can get it in multiple ways.

28
00:02:00,990 --> 00:02:05,570
You can obviously use the Thunder Client, you can log in and get the current user.

29
00:02:05,580 --> 00:02:10,800
You can also log it on the front end or you can simply navigate to Mongo.

30
00:02:11,450 --> 00:02:16,700
And then you're looking for the test user. Notice this is going to be my test user, and then I want to

31
00:02:16,700 --> 00:02:18,220
grab this value over here.

32
00:02:18,230 --> 00:02:23,000
So essentially I want to grab this string and we want to set it equal to.

33
00:02:23,830 --> 00:02:25,450
And of course, if.

34
00:02:26,030 --> 00:02:28,380
They match, then test user is going to be true.

35
00:02:28,400 --> 00:02:30,050
If not, it's going to be false.

36
00:02:30,260 --> 00:02:33,590
Like I said, regardless, we want to add it to the test user.

37
00:02:33,590 --> 00:02:36,260
And now let's set up another middleware.

38
00:02:36,260 --> 00:02:43,070
And if you're wondering, well, how we're going to access the user, well, remember, the authenticate

39
00:02:43,070 --> 00:02:49,940
user is pretty much one of the first middlewares that we have in all of the restricted routes.

40
00:02:49,940 --> 00:02:55,120
So of course we'll add the check for test user after that.

41
00:02:55,130 --> 00:03:05,060
So let's go here with export then const and I'm going to name my one check for test user. Since it's

42
00:03:05,060 --> 00:03:10,340
a middleware, I'm looking for three things, so req res and next.

43
00:03:11,070 --> 00:03:17,550
And in here, like I said, I'm going to have a condition where basically if it's a test user, then

44
00:03:17,550 --> 00:03:19,730
I'll throw the bad request error.

45
00:03:19,740 --> 00:03:22,220
If not, then I'm just going to go with next.

46
00:03:22,230 --> 00:03:25,470
So req user and then test user.

47
00:03:26,330 --> 00:03:32,570
If that's the case, I want to go with throw a new bad request error.

48
00:03:33,250 --> 00:03:35,960
And let's just write over here, demo user read only.

49
00:03:35,960 --> 00:03:41,750
And then if everything is correct, if it's not a test user, then of course we want to pass it on to

50
00:03:41,750 --> 00:03:45,530
the next middleware, which might be a controller.

51
00:03:45,710 --> 00:03:49,730
And once we have this setup in place, now let's look for the routes.

52
00:03:49,880 --> 00:03:56,960
So we're looking for first the job router and then also we'll add this to the update user.

53
00:03:57,050 --> 00:03:59,270
Now I don't want to add it.

54
00:04:00,260 --> 00:04:07,070
In the server because I want the test user to be able to take a look at the jobs.

55
00:04:07,100 --> 00:04:09,480
Now, we haven't created those jobs yet.

56
00:04:09,500 --> 00:04:11,940
This is something that we'll work on next.

57
00:04:11,960 --> 00:04:13,740
But eventually, yes.

58
00:04:13,760 --> 00:04:18,170
Test user is going to have some random demo jobs.

59
00:04:18,769 --> 00:04:24,380
Hopefully that is clear because at the moment, of course, we just created a user so there are no jobs.

60
00:04:24,410 --> 00:04:27,170
So in here we want to look for.

61
00:04:28,180 --> 00:04:31,060
Our check for test user middleware.

62
00:04:31,360 --> 00:04:32,560
So check.

63
00:04:33,060 --> 00:04:33,980
Test user.

64
00:04:33,990 --> 00:04:35,780
Then let's bring it down.

65
00:04:35,790 --> 00:04:38,400
And now let's go one by one.

66
00:04:38,400 --> 00:04:44,420
So as far as getting all jobs, I want test user to be able to do that.

67
00:04:44,430 --> 00:04:51,900
So I'm not going to add it here, but I do want to restrict access to a test user to create job functionality.

68
00:04:51,900 --> 00:04:58,110
So before we even validate what values are coming in, I want to check for test user.

69
00:04:58,110 --> 00:05:05,490
And remember, if it's a test user, then essentially we'll just spit back this error.

70
00:05:05,730 --> 00:05:10,770
Now, if it's a regular user, then of course everything is going to be correct because test user is

71
00:05:10,770 --> 00:05:14,790
going to be false and we're using next to pass it on to the next middleware.

72
00:05:14,820 --> 00:05:16,760
Now what is in our case, next middleware?

73
00:05:16,770 --> 00:05:18,720
Well, that is validate job input.

74
00:05:18,720 --> 00:05:22,490
And if that is correct, then we finally get to create job.

75
00:05:22,500 --> 00:05:23,820
Hopefully that is clear.

76
00:05:23,820 --> 00:05:28,880
And then one by one, let's add it also to patch and delete.

77
00:05:28,890 --> 00:05:35,850
So as far as viewing the job, the single job, well test user can do that, but he or she won't be

78
00:05:35,880 --> 00:05:38,610
able to edit or delete.

79
00:05:39,190 --> 00:05:42,760
And as I was talking, I actually added it to getting a single job.

80
00:05:42,760 --> 00:05:43,330
So my bad.

81
00:05:43,330 --> 00:05:46,150
Let me remove and let me add it over here.

82
00:05:46,660 --> 00:05:51,370
And right after the job one, I want to restrict the access to update user.

83
00:05:51,370 --> 00:05:54,070
So let me navigate to user router.

84
00:05:54,340 --> 00:06:02,410
I already have here authorized permissions, so I just want to import the check for test user and essentially

85
00:06:02,410 --> 00:06:05,230
I'm just looking for the update user request.

86
00:06:05,260 --> 00:06:08,440
Now when it comes to current user, remember this is a public route.

87
00:06:08,440 --> 00:06:11,950
So of course we do want to access, we want to get the cookie.

88
00:06:12,100 --> 00:06:18,670
Now when it comes to admin and app stats, well, remember, it is going to be restricted regardless since

89
00:06:18,670 --> 00:06:25,120
the user role is not going to be an admin and therefore only here we want to add that functionality.

90
00:06:25,120 --> 00:06:33,160
So let's go with check for test user and let's add a comma and of course we can navigate to a browser

91
00:06:33,160 --> 00:06:34,210
and test it out.

92
00:06:34,210 --> 00:06:36,820
So let me navigate to my application.

93
00:06:36,820 --> 00:06:44,210
This is my zippy, and then if I try to add a job and as I note, of course it's complaining that I

94
00:06:44,210 --> 00:06:49,130
haven't provided all of the values, so let me write over here position.

95
00:06:50,280 --> 00:06:51,600
And then company.

96
00:06:51,690 --> 00:06:56,790
Since I know that it's going to fail if everything is correct, notice the demo user read

97
00:06:56,790 --> 00:07:02,070
only. Now we don't have jobs at the moment, so we cannot test. Again,

98
00:07:02,070 --> 00:07:03,810
this is something we're going to set up.

99
00:07:03,810 --> 00:07:08,010
And if I'm going to go to profile and do the same thing, demo user read only.

100
00:07:08,010 --> 00:07:15,120
So this user will be only able to take a look at the jobs as well as the stats page.

101
00:07:15,540 --> 00:07:20,160
And with this in place now we can start setting up some mock data.

