1
00:00:00,180 --> 00:00:00,540
Awesome.

2
00:00:00,810 --> 00:00:03,540
And once we're done with the alternative approach.

3
00:00:03,810 --> 00:00:07,200
Now let me showcase why we would want to check for permissions.

4
00:00:07,710 --> 00:00:09,870
So at the moment, life is great.

5
00:00:10,320 --> 00:00:15,780
I'm logged in as John and I can successfully update my jobs.

6
00:00:16,830 --> 00:00:19,590
Take a look at all the jobs. Yup, I have Google here.

7
00:00:19,920 --> 00:00:26,520
So if I go back to the job and then if I go with Google or Apple or whatever, everything is going to

8
00:00:26,520 --> 00:00:26,760
work.

9
00:00:27,300 --> 00:00:33,060
But here's the major issue in our setup: if I go here with login user.

10
00:00:34,120 --> 00:00:38,770
And if I'm going to go with Peter and if I send and get back the token.

11
00:00:39,190 --> 00:00:48,510
And if for some reason I have access to John's job ID, I can actually edit it and go here with,

12
00:00:48,520 --> 00:00:50,840
Wow, this works.

13
00:00:51,580 --> 00:00:52,420
Technically, it shouldn't.

14
00:00:52,860 --> 00:00:54,790
So if I send it back here, no jobs.

15
00:00:55,120 --> 00:01:00,010
While this works now, I'm not going to be able to get, of course, John's jobs.

16
00:01:00,550 --> 00:01:06,340
You can clearly see that I don't have the list over here, but I can clearly edit John's jobs.

17
00:01:06,500 --> 00:01:08,410
And let's talk about why that is happening.

18
00:01:08,860 --> 00:01:16,150
Well, if we go back to our application, we can clearly see that we're checking for an authenticated

19
00:01:16,150 --> 00:01:16,510
user.

20
00:01:17,020 --> 00:01:18,040
So here's the problem.

21
00:01:18,730 --> 00:01:20,980
Peter is authenticated.

22
00:01:21,340 --> 00:01:29,950
It's a valid user, but he should never, ever, ever have access to John's jobs and edit them.

23
00:01:30,610 --> 00:01:34,600
Now you can make an argument where, OK, but why don't we do it?

24
00:01:34,870 --> 00:01:39,460
Like with get job, where we're essentially not only looking for a job.

25
00:01:40,560 --> 00:01:44,350
We're here where I say _id is equal to jobId.

26
00:01:44,660 --> 00:01:50,150
But I also want to add here createdBy, basically two options over here.

27
00:01:50,690 --> 00:01:52,400
And technically, you would be correct.

28
00:01:52,850 --> 00:02:00,140
But what about the situation where the admin wants to modify something regarding the content?

29
00:02:00,860 --> 00:02:04,550
So imagine I have an admin, Susan, now.

30
00:02:04,580 --> 00:02:06,140
She did not create the job.

31
00:02:07,180 --> 00:02:15,310
So her ID is not going to be equal to the createdBy, and if, let's say, she wants to access that job

32
00:02:15,610 --> 00:02:17,380
and edit it, she won't be able to.

33
00:02:17,860 --> 00:02:25,360
So yes, in our scenario, that would work, where I would say, OK, get me the job not only based on

34
00:02:25,360 --> 00:02:30,370
the ID, but also on the user ID, and no worries, Peter won't have access to the job.

35
00:02:30,670 --> 00:02:33,220
But again, it's not going to work if you have the admin.

36
00:02:33,700 --> 00:02:39,190
Now, what is a better approach? That is to set up permissions, where, long story short, we're going to

37
00:02:39,190 --> 00:02:46,810
do something like this, where I'm going to check the user ID available on the request user and whether

38
00:02:46,810 --> 00:02:53,860
it matches the one in the job, whether it matches the user I.D. available in the job.

39
00:02:54,250 --> 00:02:56,830
And this is what we're going to do in the next video.

