1
00:00:00,330 --> 00:00:03,600
Okay, so how can we restrict the access?

2
00:00:04,620 --> 00:00:06,060
For a test user.

3
00:00:06,360 --> 00:00:12,480
Basically, we don't want the test user to do any kind of CRUD functionality, essentially read.

4
00:00:13,790 --> 00:00:18,890
Well, we could go back to auth middleware on a server.

5
00:00:19,910 --> 00:00:24,610
So where is it? Where is the middleware? Over here: auth.

6
00:00:24,770 --> 00:00:31,580
And then remember, each and every time the request comes in, we check.

7
00:00:31,580 --> 00:00:32,299
For what?

8
00:00:33,100 --> 00:00:34,090
Check for token.

9
00:00:34,540 --> 00:00:35,710
And in a token.

10
00:00:35,710 --> 00:00:36,790
What do we have there?

11
00:00:36,820 --> 00:00:38,560
You have user ID.

12
00:00:39,760 --> 00:00:48,100
We could come up with another property, and if the user ID matches whatever our test user is,

13
00:00:48,280 --> 00:00:50,620
then we set that property to true.

14
00:00:51,410 --> 00:00:53,630
In my case, I'm going to go test the property.

15
00:00:53,810 --> 00:00:58,100
And if it's a test user, we can create another middleware.

16
00:00:59,330 --> 00:01:06,470
And if it's the case, then we just return an error.

17
00:01:06,500 --> 00:01:14,300
We say, Listen, this is test user, read only, and then we add that middleware to every route we want

18
00:01:14,300 --> 00:01:16,220
to restrict access to.

19
00:01:17,170 --> 00:01:19,520
So I know this was a bunch of words.

20
00:01:19,520 --> 00:01:24,100
So let's just start. First, I want to come up with the property name.

21
00:01:24,310 --> 00:01:25,630
I'll say test user.

22
00:01:25,930 --> 00:01:28,090
Now what is test user equal to?

23
00:01:28,720 --> 00:01:32,140
Oh, it's equal to user ID.

24
00:01:33,040 --> 00:01:36,910
And we just want to make sure that it matches the test user.

25
00:01:37,210 --> 00:01:39,700
So let me go back here to the Mongo.

26
00:01:39,790 --> 00:01:42,340
This is my test user and again, we'll grab the ID.

27
00:01:43,540 --> 00:01:49,480
Now, if you're wondering, well, can we make this simpler and let's say set up with the email?

28
00:01:49,510 --> 00:01:56,380
Technically, we can. Just keep in mind that when we're setting up the JWT,

29
00:01:57,320 --> 00:01:58,770
I believe it was in a user.

30
00:01:58,770 --> 00:01:59,330
Right?

31
00:01:59,360 --> 00:02:01,610
We only pass the ID.

32
00:02:02,150 --> 00:02:02,780
That's it.

33
00:02:03,080 --> 00:02:05,360
So this is what we place inside of it.

34
00:02:05,960 --> 00:02:11,750
So if you want to check the email, whether it matches test user.

35
00:02:12,830 --> 00:02:15,230
At test.com, or whatever value you have.

36
00:02:15,890 --> 00:02:17,660
You also need to add the email.

37
00:02:17,960 --> 00:02:22,400
Since I only have the ID, that's where I'll be checking for a test user.

38
00:02:23,030 --> 00:02:25,280
So this is located in the payload.

39
00:02:26,170 --> 00:02:33,010
And then we'll say payload user ID, remember, that's the property over here.

40
00:02:33,040 --> 00:02:39,760
Like so. Now we're getting it, and I'll check whether that is equal to my test

41
00:02:39,760 --> 00:02:40,090
user.

42
00:02:40,390 --> 00:02:42,220
Now let me move this sucker down.

43
00:02:42,880 --> 00:02:45,850
Remember how we're creating this user object?

44
00:02:46,240 --> 00:02:50,590
And then the second thing is going to be my test user property.

45
00:02:50,620 --> 00:02:51,040
That's it.

46
00:02:51,040 --> 00:02:52,240
That's all we want to do.

47
00:02:52,270 --> 00:02:55,900
So this one will be either true or false.

48
00:02:56,900 --> 00:02:59,240
So now, of course, we can

49
00:03:00,060 --> 00:03:01,650
create another middleware,

50
00:03:02,650 --> 00:03:06,900
which basically will check for the property for that test

51
00:03:06,910 --> 00:03:09,160
user, and if it's true,

52
00:03:09,540 --> 00:03:14,070
then we'll send back the bad request right from the get go.

53
00:03:14,370 --> 00:03:20,790
Now, if you're wondering whether test user exists, you can simply go to any of the controllers.

54
00:03:21,270 --> 00:03:25,200
Let's say jobs one where we're getting all the jobs.

55
00:03:25,200 --> 00:03:25,800
Let me see.

56
00:03:25,800 --> 00:03:27,030
Which route was it?

57
00:03:29,180 --> 00:03:30,060
This was created.

58
00:03:30,320 --> 00:03:31,670
Get all the jobs, for example.

59
00:03:31,670 --> 00:03:32,120
Right.

60
00:03:32,390 --> 00:03:34,520
So this is in the user object.

61
00:03:35,160 --> 00:03:41,750
So let's go here and let's just log what we have in the req.user.

62
00:03:42,850 --> 00:03:49,150
And then let me go back to the Job II and take a look over here.

63
00:03:50,080 --> 00:03:57,790
And if I go back to the server, notice: so this is my user ID, this is what we're using to get the

64
00:03:57,790 --> 00:03:59,880
jobs that are associated with the user.

65
00:03:59,890 --> 00:04:02,710
And also we have this one: test user.

66
00:04:02,710 --> 00:04:03,310
True.

67
00:04:04,030 --> 00:04:09,400
So like I said, the next step now is to set up the middleware that effectively just checks for that property.

68
00:04:09,820 --> 00:04:12,970
And if it's true, then we'll send back right away.

69
00:04:12,970 --> 00:04:15,610
The bad request, the 400.

70
00:04:15,910 --> 00:04:21,850
And then we'll stick that middleware in front of all the routes we want to restrict access to.

71
00:04:21,880 --> 00:04:24,160
So it's not going to be for all the routes.

72
00:04:24,160 --> 00:04:28,570
I mean, at that point, then it doesn't make sense to create the test user.

73
00:04:28,570 --> 00:04:33,160
But for certain routes, yes, we'll restrict them to the test user.

74
00:04:33,610 --> 00:04:35,770
So let's go here with middleware.

75
00:04:36,720 --> 00:04:42,600
I'm going to call this test user middleware, and we first want to get the bad request.

76
00:04:42,600 --> 00:04:45,800
So bad request, we just need to remember about the index.

77
00:04:45,810 --> 00:04:46,440
Just.

78
00:04:47,200 --> 00:04:49,990
Let's go over here with us then.

79
00:04:49,990 --> 00:04:52,210
Let's come up with that function, test

80
00:04:52,210 --> 00:04:55,960
user, is equal to req, res,

81
00:04:56,020 --> 00:05:05,350
and next, three things. And then we'll check if req.user.testUser; we can clearly see that it is available

82
00:05:05,350 --> 00:05:05,880
now in our.

83
00:05:06,880 --> 00:05:11,770
If it's the case, then we'll go throw new, and then bad request.

84
00:05:11,860 --> 00:05:15,520
So we go with 400, we'll say test user.

85
00:05:16,950 --> 00:05:19,740
And we'll add read only.

86
00:05:21,430 --> 00:05:23,500
Maybe exclamation point as well.

87
00:05:23,740 --> 00:05:28,840
And then if it's not the case, if it's not a test, then we simply go with the next.

88
00:05:29,560 --> 00:05:32,830
And now we want to go to all the routes

89
00:05:33,740 --> 00:05:36,200
that we want to restrict access to.

90
00:05:36,680 --> 00:05:41,840
So first, I guess let's go to bum, bum bum, bum, bum, bum, bum.

91
00:05:42,410 --> 00:05:43,970
Let's start with jobs.

92
00:05:44,210 --> 00:05:44,930
I guess.

93
00:05:45,820 --> 00:05:46,410
Or you know what?

94
00:05:46,420 --> 00:05:50,620
No, it's going to be faster if we go with auth routes, because we already have the middleware here.

95
00:05:50,830 --> 00:05:55,080
So let me copy and paste and we'll just say, Here, test.

96
00:05:56,280 --> 00:05:56,670
There.

97
00:05:57,280 --> 00:05:59,470
And then it's not coming from auth.

98
00:05:59,500 --> 00:06:05,530
Of course, it's coming from test user. And where do we want to place it?

99
00:06:05,770 --> 00:06:08,470
Well, we want to place it before update user.

100
00:06:09,020 --> 00:06:09,310
Right.

101
00:06:09,310 --> 00:06:16,180
So first we authenticate the user and then right after that we'll check for test user.

102
00:06:16,270 --> 00:06:17,340
If that's the case,

103
00:06:17,350 --> 00:06:20,320
then we send back the response.

104
00:06:20,650 --> 00:06:25,300
Now here it complains that it does not provide a default.

105
00:06:26,260 --> 00:06:27,420
And probably.

106
00:06:27,430 --> 00:06:27,880
Yep.

107
00:06:28,180 --> 00:06:30,100
Of course, I forgot to export this one.

108
00:06:30,190 --> 00:06:32,530
My bad, export default.

109
00:06:33,600 --> 00:06:35,790
And then we go with test user.

110
00:06:35,790 --> 00:06:38,460
So we export the function.

111
00:06:38,800 --> 00:06:40,830
Now it looks like everything is working.

112
00:06:42,050 --> 00:06:45,530
So now let's see whether we can update something.

113
00:06:45,800 --> 00:06:47,180
I'm going to go to the profile.

114
00:06:47,890 --> 00:06:51,280
And I'm the test user, and let's say I'm going to try to change the name.

115
00:06:51,280 --> 00:06:53,990
If everything is correct, I should get back the 400.

116
00:06:54,010 --> 00:06:54,490
Yep.

117
00:06:54,700 --> 00:07:02,080
We have "Test user, read only", so we have successfully restricted the access for the test user.

118
00:07:02,110 --> 00:07:04,150
That user cannot change the profile.

119
00:07:04,940 --> 00:07:07,160
Because otherwise, I mean, it wouldn't make sense.

120
00:07:07,910 --> 00:07:11,090
So now we simply want to do the same thing with the rest of the routes.

121
00:07:11,510 --> 00:07:15,770
Now, in the auth controller, pretty much everything stays the same.

122
00:07:15,770 --> 00:07:16,420
The auth route.

123
00:07:16,430 --> 00:07:18,530
Sorry, we'll just use it here.

124
00:07:18,800 --> 00:07:22,040
We want to add this one, though, to the jobs.

125
00:07:23,170 --> 00:07:24,160
We want to go back.

126
00:07:24,400 --> 00:07:29,500
We want to import it; it's in the same folder, so the path does not change.

127
00:07:29,830 --> 00:07:31,540
And then we want to decide.

128
00:07:31,540 --> 00:07:35,710
So we don't want the test user to create the job.

129
00:07:36,350 --> 00:07:38,750
But we do want the get all jobs.

130
00:07:38,750 --> 00:07:42,200
So that stays the same. Show, that stays the same.

131
00:07:42,410 --> 00:07:43,400
But in here we go.

132
00:07:43,430 --> 00:07:43,710
Test.

133
00:07:43,730 --> 00:07:44,330
User.

134
00:07:45,070 --> 00:07:46,390
As well as over here.

135
00:07:46,670 --> 00:07:50,950
Test user, let's save this, and now let's check it out.

