RUBY ON RAILS API - User authentication and authorization

Captions
it is thursday that's ascension day here in sweden and i'm off work which is a weird feeling um my my family is still asleep which is also an odd thing um because it's you know almost 10 o'clock not really but still um and uh i just can't you know i can't help myself i i i i feel like you know coding a little bit so let's let's code and i have a few friends or dare i say that i don't know i have a few colleagues students with me not sure if they would um agree on the term friends today but we'll see about that can you say hi guys so i can just check if if the sound is working uh the chat the sound is not working so let's check that hold on a second so we're just gonna say sound here uh hello ut61 uh did you abandon um the other stream for for us that's nice that's nice i think you're going to have to talk a little bit more guys why is this not working really this is now i hate when this happens uh well perhaps you won't be able to join in let me just check my sound settings here one last time otherwise we you're going to have to chat with me on stream let's see there you go now if you say a few more things now now now you are there good stuff all right so we got that one out of the way what are we doing folks we are gonna develop a piece of functionality that deals with authentication and authorization and we are in the domain of um what uh of ruby on rails right now no i cannot you can join me on stream i am there and you should be sharing this you should be seeing my screen on twitch right yes yeah thank you um no because i can't do that because if i do then my my performance will go down a lot so you're gonna have to uh to check this stream today unfortunately uh not everyone is there because only but you will hopefully join as soon as possible all right so uh we have a fantastic application that is called fake news api right and i will fork this this one and make sure to set it up on my computer uh right let's move this over here and we're gonna do cd projects
and then we're just gonna clone this baby down and so we will work on a shared code base which means that you know i forked it on on github and i just gonna do git clone to my localhost and cd into this guy and do run bundle and in the meantime i will just navigate back to this grab this code this url sorry and and and and git remote add upstream and just add this one guy and we installed bundle we installed all the dependencies awesome so we're gonna do rails db create and db migrate and i could do db setup but i did it uh differently uh i'm slowly approaching redux in my project i guess i'll get to know a bit earlier with this stream i already got my hands dirty with lifting right right uh today we will we will work on ruby on rails uh totally on the back end not touching uh react perhaps later today i don't know perhaps you guys want to do some react development as well who knows now i'm just gonna run through rspec to see if we are good to go right right there's a there's a small mistake in the in our spec file it's dot spec it should be underscore spec right that's why you don't get everything right did the title did the title say react on on my stream says redux i think does it really redux yeah oh i changed that that's okay so my stream thing is oh gosh uh that's not cool i'm sorry about that um all right i'm just going to update this as soon as possible i did update it before i uh i i stream but then my obs software overwrote that and uh you know it's a mess yes uh right okay good so sorry lucas you were saying that there was a small thingy thingy what's up yeah in our uh in our spec request spec we have a dot spec instead of an underscore spec which means that doesn't get picked up by ruby when you do rspec now all right so we fixed that later but but not in i can fix it now is it okay if i fix it exactly okay uh so i will just check out and so then there's also should have valid factory so you're not copying and pasting code now are you people what
no no no right that's good because it's this this this message here is like uh like taken straight out from our documentation but it's okay well we're re we're writing it yes we want to use the is_expected.to format that's true yeah right no it's okay you know i mean i copy and paste sometimes and i don't admit it either you know that's okay [Laughter] you see i you know when when my kids were growing up i i used to tell them when they were lying to me i said guys boys never a bullshitter okay right okay master of clickbaits yeah that's me that's me uh right let's see uh the what what did i do oh what did they do oh oh wow wow the disco isn't it right yeah let's change this i'm changing colors on my terminal i happen to touch the touch bar on my on my computer never mind now let's move on um we are uh we are looking into a pivotal tracker story right so there is actually a pull request already on this one so i will i will just um uh code up an alternative version and we'll see what's up so api allows journalists to sign in to access dashboard right to access dashboard okay uh we wrote it a bit right and you did rewrite it how did you rewrite it before it was api supports admin authentication or general right right right is it okay if i if i just like for the sake of this demo you know we we we will produce a little bit of code but i will just break like pretend that this didn't this doesn't exist yet okay absolutely right so what i would do here probably is to write um let's let's just create a new branch let's go technical first so git check out a new branch and then i will just call this branch user or yeah role based authentication authentication role-based authentication okay and i'm really gonna improvise this a little bit so bear with me okay and perhaps you can pick up something and also ask luke where is he uh i miss him right let's open this one up here right uh oops no that wasn't what i wanted to do i wanted to make this larger right so we have
something like a request spec here that is not being picked up uh so i'm just going to rename this to an underscore right and i'm just gonna run this yeah why is this showing up do we know that unresort no we don't that's okay uh let's just do gem cleanup and let's run this again and see if this still could hold up it does okay it's not a biggie but it's just a warning right i'm warning you thomas okay let's go to the model spec and just go here articles spec and then we just do here is expected to i like this this is nice this is nice all right that was my son this is nice this is very nice uh this is very nice awesome uh two for uh success is returned right to have length len is this properly spanned okay perhaps it is right okay good stuff all right okay okay so so let's let's start writing on on let's start writing a spec here so so we can we can say that something that can can allow creation of articles of articles based on user role underscore spec dot rb right so we are taking it down the the line of creating articles well we will not actually create an article yet but we will just allow for it to happen do you understand that's my my my idea here okay okay because on the on the api side you don't really you don't really uh so there are there are different ways of approaching this but on the api side you don't really see a dashboard or anything like that because there's no user interface right sure of course but what we could do is to we well we could we could take another path actually because so so the interesting thing here is that you are working toward one yeah let me put let me talk you through this idea you were working toward one api using two different clients right okay so one way we could approach this is to say that if you are uh trying to authenticate using a client that is the admin client then you should be prompted for well you should be allowed to do that if you are a journalist yes and if you're trying to approach this from a different
type of client like you know not an admin client then you are not allowed that would be actually the lowest lowest hanging fruit to be honest uh here well yeah i mean that makes a lot of sense but we couldn't really see how to because we thought we had to that's another question the how question comes lately i don't even i don't see how to either you know i just came up with this idea i have no clue how to do that right but that's that's that's another another another thing we can figure it out probably so let's do that uh so let's rename this spec file can allow authentication can can authenticate use user you can authenticate based on user role and source okay and client source yes so we will take into account two different two different uh two different things we will look at the user and we will also look at where is does this user come from yes that that would be uh actually a nice thing so let's see our spec describe uh and so we are making a post request right to the api auth that's the that's the route we will we will uh look on okay and so let's think about you know the users that we will work with in this entire test block and this is how we how i approach this these things right uh so we will say let you know should we call him regular user right and that would be create a user out of the box we can say i don't know we can say role you can perhaps consumer or something like that you know that would be the reader so so for those who are not familiar with the with the domain here we're building an api that will serve uh uh news articles and stuff for regular users uh so we're building like a like a news site but we're also building an an interface or a system for editorial um you know for for the for the editorial staff to actually produce uh news and stuff like that anyway so this one will be a journalist right and that will be create user and we will say role uh journalist journalist okay so if we if we have these two guys so we could have a describe block
we can have a describe block for uh you know as a consumer and then we could have another describe block as a journalist right right okay so in this thing in this describe block we will do a before action why do i not get no no no i did not uh well right sorry i forget where i am i thought i was in javascript i'm also tired i know that yeah okay so we can do we can do a post request to the you know api auth path and then we will send in some params right and the params would be uh you know email that would be something and then password that would be something right uh and we're gonna do the same thing here uh so we're gonna we we need to be in control of this so we're gonna send in that to our factory as well so i'm we're using factory bot to create that this these are set by default but in this case i want them to be actually defined by me so i'm going to say email i'm going to say you know ordinary guy at random.com right and password we need to set a password or his password password or something uh in the oh we don't have a factory yet okay so but we just want that uh that thing and here we want to say uh pulitzer prize res you know guy that's the name of the of that of that award for the surprise right that's the journalist at random.com okay so this will be two those two roles so here i want to just log in as the uh ordinary guy and here i want to log in as the pulitzer prize winning thing and we're just going to set password on this one as a random thing and i'm gonna set this in in in the factory okay so but you see my idea was that we were to to tell um tell our application where we come from right so we will say source admin dashboard or something you know admin system or something right uh and i'm gonna do the same thing here uh pretty much right so i'm just gonna send this off as parameters right you're saying something kim or i don't know if you're saying it to me or you need another meet or no you're moving your lips but you're not talking to me okay
cool uh does that make sense so so we will tell this guy that we're coming from the admin system right which means that we will probably have to write another spec where we are coming from like uh you know um like the news site or something like that yeah public client or whatever we want to call this right right right right so then we just say it is uh well we can just do this expect a response to have http status for what is it 401 on unauthorized or 402 or 401 401 is that's unauthorized right okay and so this guy would have uh uh well to start with we can just do 204 do you understand so so i mean i'm going to change that later but 204 means empty response right yeah i can change that later but let's let's let's start to run these things because this is enough for us to uh to uh actually start running the tests we have two diff you know we have two different roles and we have you know uh two type of responses you give them the same source and you unauthorize one of them and you give yeah because the ordinary guy shouldn't be able to log in even though they both exist this guy should not should not uh should not be able to do that yeah okay so interesting uh is eva asking me questions right now in the in the in slack for his stuff i it's okay but i'm in the middle of a stream so he's in his own bubble with it i think okay oh it's he mentioned you as well so that's okay you're also here now so let's let's pay attention to this one and so so i would actually like you guys to pay attention to this one because i'm i'm doing things that you haven't done before so it would be i don't know but it doesn't matter you can share that knowledge later i guess all right let's uh let's run this uh so rspec spec request specs and uh api user can yeah api user can what can not can can authenticate right so let's run this i really this really bugs me out right okay so factory not registered user okay so we need to let me just move this out of the way uh and we want to do that so
we're going to add a gem and we're just going to do this gem devise_token_auth here we will add it here and bundle up and we're gonna do we're gonna do something right we're gonna run uh what is it just you know yeah rails generate rails generate devise um i'm not did you add the gem i don't think we did it i i did that i just did that okay okay sorry that's what i mean you know if you're with me then you're uh that's okay you know i like it you know i love you you know api so this is the oh slash right he shouldn't have to put in an empty object in the root reducer he shouldn't be putting anything in the root reducer uh actually i think uh i'm not there so i should probably shut up i don't know yet right so here we are we have we created this initializers devise_token_auth we probably need to change a few settings there control this application controller gsub routes right so we're gonna change that and we have the migration and we have the usu just to raise we can do rails db uh migrate first do we need what role and stuff or will you add that we will we will add that uh and we're gonna go right right so we need to change this guy uh we're going to change this guy to include or is it include devise the instant extend right extend devise model right or what is it yeah i think it's devise model but i'm not sure give me one thing yeah models okay and we wanted to delete something from the migration as well uh to be now that i remember uh so we want to what was it we wanted to remove something here right or do you want so we nickname and stuff i think user info right so we can actually modify this now so we wanted what was it we wanted a role right um now the question is so i shouldn't do that actually here uh i'm not going to do that here i'm going to create a new migration because otherwise it's going to be hard to follow right so i'm just gonna remove this uh provide a research confirmation but there was wasn't it shouldn't we remove the the confirmation stuff or
something no um i don't oh perhaps usually we just add these uh these things that i sent i sent them slack you did yeah yeah um i'm sorry but i am usually copy pasting these no it's okay right yeah we need yeah yeah yes because this is a problem right right right that's okay i'm gonna copy paste this as well uh so we're just gonna change this right i remember this now it come it's coming back to me slowly but it's coming back to me so let's see if we can run the migration now um it did but we're running uh yeah so gem update blacklist unsafe attributes for serialization can i do this right okay uh in the meantime where was i right so i should just be let's run this no not the entire thing oh god i'm just i'm just gonna run this one and we should get another error message now or not factory not registered for user okay thank you right because we need to write no factory for user why not why is there no factory for user shouldn't the devise_token_auth generate a factory for us no it does it didn't do it for either apparently right factory bot define uh what's that right [Music] do and story user factory user do right something like that or what i haven't written a factory in ages right and then we just do email and then we just do you know random at random.com and password will be password will be password right okay so now we should huh i think you might need confirmation also for creation we'll see this bloody heat on what is heat on what is he right so we have a undefined method role for user id okay so we are not we can't use this this factory yet because we have a role so we're just gonna do um and really this is this is really weird because there's something not quite okay with the with the setup you see i didn't get a model spec either do you understand so there's something not not quite correct here i should be able to get those those specs let me just check that for you if you were a little too uh too thorough in the application rb helper router request specs
controller specs no you did set up everything here i mean we get the model and the factory with a normal generation with the article really but not with the devise token right that's weird right oh well it is what it is right so there is actually a generator for that uh so uh let me check that rails g so i don't have to type this myself because i'm lazy uh right rails g rspec:model user let's try that rather it's a conflict uh it creates a factory too yeah it creates a factory too right so i'm just going to say no right because i already created the factory so now we should get a model users there we go there's sorry here right right and again we don't need this at all and we will say so describe db table and that will do it it is expected to have db table uh i'm just going to say role because the other things are are there already i know that of type of type integer and we're just going to say describe db column yeah column column column sorry sorry uh and here we'll say describe uh factory uh it is expected to have a default factory the reason i'm saying default factory here is because i'm going to probably create subfactories for for consumers and and and and editorial stuff later uh but that's that's that's a little bit of premature optimization in this case but uh i just kind of it's just a message so so we will say expect uh expect create user uh to be valid can we say that can we say that i don't know let's say that so let's do rspec spec models user no yeah yes because this one is is passing and i didn't add a role to it yet so yes okay but this one is succeeded have a db column so now i do rails generate migration and then we say add role to users and then we're going to say role integer right and then we're just gonna do rails db migrate and now we just run this spec again and we should go green on this guy now yes okay so now we should go green oh no sorry not go green but have a different error message on the acceptance and this is you
know you've seen me do this before this is the jumping from the outer circle into the inner circle of of this this thing um you know when you look at tests basically right so right uh so expect the response to have http status 402 but got 422 unprocessable entity uh right 422 422 right right it got an unprocessable entity and a unprocessable yes request okay so we need to to do a bit of an override here okay so uh we need to take a look at the devise_token_auth uh gem that's the interesting part that's the interesting part yeah right so here we can see that that the app has some controllers and we have a sessions controller right and that would be the devise_token_auth session controller so uh the way we override that we we want to use our own controller basically and the and the create action of that controller okay so the way we override that is that we we gonna create uh um right let's see how i kind of go about this properly so let's clear this up and do rails generate a controller and we're going to create that in the you have an api right you have an api namespace it's not really necessary to have the api namespace but it's okay i can we can we can work with that because you can have a namespace we talk we tell you a lot of things but you know there's no no no one single way of doing doing stuff but it's okay you know we're going to go for this now so we're going to say api and then we're going to call this guy sessions controller right so just to avoid making any things i'm going to avoid that sessions controller so i'm going to create that controller but i'm going to inherit from i'm not going to inherit from the application controller but rather from the devise_token_auth sessions controller you understand and then i'm going to create a create action and i'm gonna go just set a binding pry here and then i'm gonna call super on it and i told you about the super class before when we talked about ruby so super will will basically look up in the in the
inheritance chain and just continue to to execute the code on any other method that is named the same thing as what we are uh overriding and that is possible because we are inheriting from the devise_token_auth sessions controller yeah but we need to tell our application to actually use this so we need to go to to our setup dammit where are you where are our routes jesus it's early in the morning now it is not early in the morning thomas right so we're gonna say controllers here and we're going to say sessions and that would be to api sessions right and so now when if this works i'm overriding the default functionality saying that do not use the the sessions controller for for from devise token but rather use my own controller so this is also referred to sometimes as monkey patching the thing all right so let's see if this actually worked and there is one and only one way to check it to be honest and that is in in test environment right so we're going to run this acceptance test or request spec or whatever you want to call it and nothing worked so that didn't fly control decisions api sessions session session session session sessions right why not well because i did something wrong probably right so uh devise over or use on controllers use own controllers devise [Music] yeah that's exactly how i did that that's exactly how i did that do i have to say those two dots here before why would i have to do that it is the create uh no okay hmm a bit of mystery isn't it at api controllers and that's exactly how the how we say huh you have to put in path there might [Music] no but the path that's that's at you know so you mean like if i change this but that's that's not i that shouldn't be it i'm gonna try it just because so i don't end up like a schmuck and that is this after two hours of debugging no okay no route see now we don't get a route either all right right so no that's not it um let's have a look perhaps there's a different setting for this a documentation where
the boundaries here's a demo sponsors where's the docs there's no docs are you right there must be some docs yeah if you go up here i think there and that holder is up to go up there it is instead of password there is security usage config let's have a look at the config cors devise um right there usage yeah inside of usage there is one called overwrites oh really there you go let's have a look at that there we go nice yeah that's what we did yeah it's really good that's exactly what we did overrides yeah divide the device talk that's exactly what we just said so is that let's so the way are we overriding the wrong con controller then we must be overriding the wrong controller registration session took talking about omniauth passwords registration session sessions it must be sessions what else could it be and it must be the create should we just override the new let's do that the create no sorry if new perhaps i'm just uh doing it wrong here let's run the test again on line 14 so we don't run both of them no um i mean did i misspell create no sessions controller session device talking office there this is uh this is a mystery to me he has it in a folder called overwrite no well but i am pointing to api so it's it's i don't have to have overrides sessions did i misspell something here api sessions and you have pry installed right yeah so let's just remove the super for for the time being no um right application arm [Music] right let's have a look again on the routes we were missing this it's like a very very small thing somewhere that we just mount devise_token_auth for api health control controllers sessions api sessions api sessions and how did he do that here on the docs usage overrides mount user for user right at auth right and we're just doing that and the controllers took registration run the new error rendering right sessions sessions and api sessions right so this is devise token or registry but we're not registering right i mean this is not a
registration thing is it we're just logging in right that's just oh no this is oh it is it is the the wrong path we're looking at this from the wrong perspective it is sign in we are hitting the registration path what does that no we need to make a post request oh we need to make a post request to to um because we're doing a sign in now or yeah okay this is this is not a registration now we will be in that method yes of course this is the sign in okay good call all right so we have params and we are imitating the password source admin system right okay so so right uh so let's have a look at okay so we're in the right place now that's good resource do something resource right so we can now take a look at that controller what is it that they are actually doing in that controller so we just go to the sessions controller and the create action is quite big so we need to create a review so let's see what this is doing for us we're just going to go from the top and and exit and see what what these functions are actually doing for us right so this one needs to be there so we're gonna add that um i don't really know what it's doing so far we can cut away some code later uh so we can just remove this we're gonna do this and then we will say uh field resource param keys map to_sym resource class right authentication keys okay authentication cases by may so we're going to say resource equals resource user find find by email find by and then field field and params field to_sym to symbol right let's see if this works so field is email right so we would just say find by this argument type email image symbol so okay so field field is email and params field to_sym oh we don't need that right so find by so why wouldn't why wouldn't this work so field to_sym or we can simplify this without to_sym i guess right so params field but why wouldn't find by work for me and now you go like oh i would never have done this well you know we just chose this we don't have to do this this way because
we but we chose to to look at the source you understand that's why we need to override this these things there is probably a simpler way to do this find resource what is find resource can we say that find resource find resource find sorry uh right so we have find resource field q value what is f q value well we can just reuse this e field isn't this what you would use to super for yeah but i want to but yeah i don't know no no no you you're right but let's see what could get case sensitive field from resource params field get but the thing is that we need we need the resource first before we even call super on it uh you see you know why this they are doing this get case insensitive field because sometimes users have a tendency to type the email with a capital letter in the beginning and that's you have to normalize that probably right that's i that's my theory at least so we're just gonna uh we're just gonna [Music] uh say this this and then find resource so now we should be able to find the resource right we got the resource now so we're just going to use the same thing here and now now we will say if if resource is a consumer and params i'm just going to hack this together now params source equals equals uh always we call it admin admin system right if this is admin system then we need to just get the out of dodge do you understand uh and how do we do that in a nice way way you know um so we just get get get out get out right uh so how do we do that we do that render create error we can say just render create error bad credentials you understand right we we can probably get do something else about it else else we just use super and you just pass in the resource hopefully and this will this one will complain about this now so we're going to get an error on this consumer because we haven't set up the enum yet you know i was thinking doesn't it make more more sense to to turn them around so if if it's a journalist probably probably otherwise everything else would get
out of because i feel like right we could probably do that let's let's get this one to work and then we we we work on that absolutely uh right undefined method consumer and that's pretty cool because the only thing we can do is to write a spec for this um there is a shoulda matcher for this i guess let's see define enum right right defining a match uh so uh should define_enum_for right with values i love it look uh we can use that with values define_enum_for okay so we should say go into the model spec users spec spec spectrums [Music] describe role and then it is expected to define enum for role with values and we can say you know consumer would be one and journalist would be two for instance right we can change that later or something right so if we run the one on line six uh we had that here right this should fail for us now yes so i'm just going to be very lazy here and i'm just going to say where am i yeah here i am on the model uh enum role is that how you do this i think so right let's try it well the best way to figure out is to run this spec what is it perhaps no comma yeah no comma no comma let's try without the comma i think role role colon could be let's try that yeah yes okay good so it's a good defined role as an enum backed by an integer value of consumer one that's great so those one liners are beautiful and i actually just for you fyi i have a yeah um i have found a way to write mocha tests with this kind of of matchers so there's like you know very similar matchers for for javascript testing as well uh right so now that we have that let's run this this baby uh and yes i need to add a question mark here to that sessions controller forgot about that so let's do it again right hey hey wait for one oh because it's bad credentials then it's automatically yeah uh that's not bad super right so that i'm just doing doing this wrong let's have a look what did he do when he override this thing uh we are like really nearing the end of this now people we're very
very close now uh that's beautiful folks super due something next but why why what really just a super yeah yeah let's just try super on this one let's keep it as simple as possible it was 200 okay so he's not responding with 200 okay so that's uh he is i am not in control of that response so i just gonna change my my thing here this this should be 200 you know at this stage okay okay yeah yeah because i i am not in control of what we are rendering here do you understand uh so that's that's that's the thing uh so we are effectively at this stage blocking the access to this to this thing that's actually really cool i'm not i'm a bit worried about hello luke and silva i'm a bit worried about about these these controller warnings uh line 13 yeah so this is connections config is deprecated so this is not us it's that it's not it's not me it's you or vice versa i don't know uh so on issues we're just gonna check this can we have a new version released please so we're not the only ones facing the same issue here so we're probably going to have to to this have been fixed on master so oh so oh right so we can well we can fix that uh we can fix that we can fix that we can fix it i'm going to show you how we can damn i sound confident now right because there's it's like a massive risk that this will actually fail you know and i would stand up with my dick in my hands and not know what to do so let's just go to the gem file and we do command git hub this and then branch branch master is the master branch yeah master master master right so we're just gonna do uh bundle bundle update uh the update and just lazy copy this because i always misspell this guy there we go so now we're not pulling it from the released version but rather from the master version hopefully we downgraded wow that's weird that's really weird perhaps we should have been done doing this thank you but we boom you know we fixed it um right no more warnings uh right so anything else that was that was pretty 
damn cool actually right yeah so that's it that's it that's the story and now we know that if you come from one source then you can't do this and now so let's have a look at uh uh let's say that so okay um describe now let's you know what let's let's let's do a commit first okay let's uh let's do a commit git status right git uh git ci am allows users to into into the system bay from based on role if a request originates from admin atom what would we call it admin system what did we call the admin system right admin system uh system like this and then the next one would be allows you to enter the system based on role if if request origin is from you know whatever whatever system what should we call it uh the uh the consumer facing public site i guess okay publix yeah admin system and so we're gonna move these guys over there right and then we're just gonna copy the entire thing and i'm going to say public system right can we say that yeah i think so i think that i mean right so we're just gonna change that and we should allow all of them in right both the journalists we should probably give him free access to his own newspaper right and so these guys should work out of the box yeah they work out of the box so we could of course elaborate in with with this setting here which this conditional so so this is like um moving forward like if we could uh i don't necessarily agree with lucas lucas is gone now because he went to the bathroom but i'm not agreeing with him anyway because i i think this is the corner case right the the the one that should be pro at this stage we have a journalist and a and uh consumer and i would say that the consumer should not be allowed in into the admin system uh so that's how why we are we're getting the out of dodge basically right and um so so uh lucas had this idea about flipping this around but then uh let's say and i i don't want to go into too much premature optimization here but let's say that you have another role editor and
another assistant or whatever you know the only people that should be prevented from entering the admin system would be the consumers right so i'm making an argument argument against you lucas uh right yeah i just i took the opportunity while you were you know away for a sec um but uh no so so i i wouldn't actually flip this around i i see what your point is but let's let's play with the scenario at least for now uh that you have a consumer and you have a journalist right and we we are we're preventing the consumer from entering the admin system so that's why we want to actually spell it out here uh that that this this one is is is you know if this evaluates to true then we render the create uh create error basically uh because you know also later when you have other roles and so on that that this is the one that should be prevented i mean there will be multiple roles but they they should be prevented from entering this this site so i would actually keep it like this but when we get for example a subscriber question mark then we have to add that in there yeah yeah we could we could say uh resource subscriber absolutely now the thing is that later on this should be dealt with by pundit you know an authorization library rather than having a lot of of checks in your own code do you understand so so but i i it's out of scope to install that at this point so sure sure but but i just while you were taking a leak because that's i assume that that's what you're doing i just added this public system block and we are allowing uh both the consumer and the journalists in and we're pretty much done with the story right so i was i was thinking the public system for our pr at least that would be out of scope because because we don't even have a public client or a public user so so i would agree with that um this is a bit of a corner case i we can remove this but for like for testing purposes i would say you're right you're not wrong right but in any way but i would say like a
telephone the only way for you to actually test if a telephone works is you can actually place a call this actually means that there must be at least two telephones in the world for you to test that that that phone because otherwise you will it's just theoretical and in a way i would say that this applies this logic applies to this one as well you want to now but well now actually i'm when i'm saying this out loud it's enough with this thing so yeah i can probably remove this public system from from this this thing uh if you want i can remove that well you can leave it in um it's just are you sure well for for our benefits are you speaking for the entire group well i then i'm gonna leave it in so you know sometimes rules are to be broken i guess i don't know but yeah so so this is pretty pretty much it in you know now that i think of it uh what we did here even though we had to overwrite a bit of devise token auth functionality i still think that this is the lowest lowest lowest hanging fruit uh in terms of of uh author authorization uh that is role role based uh i improvised this a little bit never done this before uh but now that i see it i think uh you know very humbly this is a great uh solution yeah no we were talking about this a little bit yesterday like okay we have to i guess go and overwrite but then we were just met you know by a incompetent blogger you know we had no idea i got it so so the lessons learned here is that everything is overwritable yeah right so so because it's a it's such a modular system and you you can always tap in into into into things that that that you you use and and if you use class notation in javascript you can you can use uh similar you know similar things um in in in javascript not exactly the same thing but similar um no so so yeah um and and you also got a taste of this tdd bdd uh approach uh you know the acceptance unit test cycle the these this is what kind of makes it into a feature in my opinion because you you
actually have some sort of of interactivity the thing that you submitted yesterday was good in technical terms but it was that's what it was it was a technical thing uh it was a chore it wasn't a feature a feature needs to have an interface uh because it it it brings value or or an effect on things right so so yeah no i agree from public system right right and so git push origin role based authentication and now we got this thingy so we just do open like that and i will leave it up to you to to deal with this this is a gift from me to you guys on ascension day i will be i hope you keep me in your prayers but i will i will give you the ability to to you know recreate the story or modify your story and do whatever you need to do with this this thing but this is the this is the solution i could come up with uh kim did you learn anything by this session um that net.net has some deals and the happy success collaboration with minecraft all right here yeah i got commercial so i uh so so look you you're the expert here on on twitch what can i do to limit those commercials well i didn't get any what the i don't know if you can limit them you can either because if you don't play them by yourself twitch takes over and they there's something you've got to there's you can read their documentation about how often they expect you to send them i haven't read in a while they might have updated it there is ad blockers out there but this but it's finding the right one that twitch doesn't detect um but other than that yeah it is what it is uh they can have there's there's some that are onboarding adverts so like when you join the channel it um it gives you an advert and it usually keeps you going for a while but that's in the setting then uh yeah i need uh i haven't been on twitch in a while streaming so i need to okay read up about it again okay other than that if you've got an amazon prime it's just a little subscriber yeah yeah if you guys are have amazon prime then please 
subscribe uh i did turn off them for subscribers didn't i i so you're not getting them look right uh no no i don't think so no i would have to say yeah so you need to subscribe people i'm sorry about that all right i hope that that this was valuable to my my streaming guests as well but david did you learn anything today yeah sure and the commercials too but yeah of course i did kind of make stop right now because we are on the front end but yeah i did it well you'll be jumping back and forward probably right yeah yeah right now i mean right uh let's let's lose the commercial discussion now at least there did you learn anything apart from the commercials i know that you learned a lot about nettle metal i already know that so yeah how like you said that we can overwrite anything i had no i didn't know that so it was nice to see the just show this to us so it's nice to see good stuff good stuff lucas yeah no the same like this opened up i guess the whole world of customization can yeah it's like okay we can do anything it's it's pretty cool and uh it it you even did it kind of with ease without knowing really what you you know went into which was which was pretty cool too yeah pretty good session it you know that that that comes with experience because i've been dealing with with a lot of stuff before but it's just code code code code code and then you you you get into this flow arun did you learn anything today uh yep uh role-based authentication and overwriting it's like i i guess the uh how to do that so that is good awesome awesome look uh yeah well i jumped here and i jumped in kind of at the end there but uh knowing that you can override things uh without maybe sort of you know putting a detriment on the rest of the functionality it would be an interesting thing so i will probably watch this one back and uh i'll go through the whole thing ready for when i jump back to the api cool and siever finally uh yeah so i think it's an interesting session by what the 
guys are talking about so i will need to watch it later because in the end like i don't understand anything what's going on [Music] that's the spirit that's the spirit all right guys uh this code is pushed and we will uh move on i need to take a bit of a break but if you guys are up for or need any other support in terms of of your your front-end application i know that you guys are struggling or i don't know if i'm if i'm reading this correctly but i assume that you guys are or has halted the the the development on those on this react router thingy there's a pr pending that hasn't been updated at least not last night no we we went uh we in terms of the functionality side of things we swapped around that we had the create action there first before the login feature yeah because we were afraid that you will say login is not a feature so it is not a feature yeah that's why we kind of just uh put it on hold basically yeah so this article stuff is updated and actually i believe you can merge it we can do the login now this one the other just tell me about this one what's going on in this one uh it's work in progress right now it's almost done okay like what is it supposed to do there's a page layout and uh you're actually removing redux well you're removing redux am i kim it says here remove redux so yeah from the person i was like okay we're gonna get it to work first uh that way you know yeah i forgot one thing at the stop pretty much i up before so um some problems before but now we can start with that refactoring shift right right right um okay so let's have a look at this one then so there's a pr here pending uh no that's the client no we're looking at the sorry uh the admin here we go uh there's a p there are two pr's um journalists can create an article journalists can create an article as a journalist yeah we need to i need to update the uh the name on the work in progress one in order to get out again i need to be able to fill out the form to send the data
all right so so when i read the code will i see that this guy is actually a journalist no okay no no i will be here no we've not done that in any way okay so we can just change this as a user of the system right there is one thing we have this scope down like journalist model yeah so it's like one place where there is our journals right and i left a comment on you were asking about this like it's called down and yeah said that we think that maybe in uh when we will be dealing with router we will make like two dashboards one for editor one for journalists because they're quite different and it has much more functionality right and it would be like the easiest thing to do we think you know just to use router to switch i i i hear what you're saying unfortunately i will counter this with like with this i will counter this with this uh so how about how about you call it a dashboard now and when the need of actually splitting them up between an editorial dashboard and a journalist dashboard then you do that because because you can't store optimization no well that this is premature optimization in my opinion because you can't really foresee the future do you understand and i'm just being obnoxious now but i want to force you to think that's that's you we could we can let this slip of course you know it's not a problem but what i'm saying is that if you are thinking in that particular way because they are different a you don't know if they are different you can always abstract that away and have conditionals b if they are i would i would actually go with creating a generic dashboard now and then split it up later on actually because you know i reacted to this this thing that that the dash you know the journalist thingy is a bit too too scoped uh but you know what i i'm gonna you know it is ascension day you know when jesus christ is talking to us one way or another even if we believe in him or not and so i'm going to let this one slide of course and i will not get
into a long debate whether what is right or wrong however the only thing i'm asking for is that you talk about this in the in the team and and you make a decision do you understand but just have a discussion about what is the the correct way to to or not the correct but the the the the easiest or the most agile uh xp way to go about this okay uh so that's that's the only thing i will say and also please do not use divs as wrappers but rather fragments uh that's uh you know uh right unless you style them right unless you start yeah unless you have a uh yeah prizes precisely brilliant default great assing event right right did you guys have the redux error still no no no no we fixed it like uh we just added this state basically and it started to work so it has like a default state which is empty basically you needed that you really needed that yes in the uh store that's okay that's okay sir it's okay life happens around us don't worry about it be nice to you don't give her that look in configure store because you see if you give her this look she will probably throw one of those plates in your head you know what look i was uh what are you talking about right modulus articles right right right right okay so so i have a few comments on this one uh how about you do something like this um you say const article equals equals an object and then you say create you can you can mute yourself for a second now that's that's okay that's not me who is that [Laughter] okay um yes so you do async uh create and then you do you know do your stuff here um um yeah you're right um event category right and then you know just do your stuff and return you know whatever and so and then in your right and then then you could in your uh you do a default export default or export default sorry export default article uh perhaps articles yeah or yeah article art yeah article well it doesn't matter if it's article or article singular because like we're yeah well well but the thing is you know this
is an article service do you understand like you would so you would have now later on you could have you know later on and this is again premature optimization then you can have index you can bind the different different uh options you know and then you can have show you understand and so what's inside of an object like this yeah yeah yeah you bind you bind the the function so so an object in javascript can have attributes or properties of course as primitives you know strings and numbers and the other other but you can also call complex things like functions right so so this is this is the the thing uh that in this case you will say articles dot create and then pass in things yeah we tried to do it but we didn't figure out that we can pass it into object and try to do like class or stuff you can use a client you can use a class too you can you can definitely use the class i definitely you can say you can use a class here if you want but this is a bit simpler um so i would go with something like this yeah and then in your in your then you because you know if you if you export this like this then in here in here in here in here where is it [Music] where is it article create model the other one right so here if you follow my my my example then you could do uh then you could do something like this uh just create you can do this and then you just call create or you can do import use use as you know just just create and then your parameters or you could import import that goes in and grabs the action so you don't have to import the whole thing no you can just import the yeah okay now did what i would do i would actually do this because this you know in your code later this would be more readable do you understand yeah but you can do this as well okay do you understand no i like don't yes yes we can do it right yeah yeah um and then then this now it's kind of resembles if you look at it uh it kind of resembles a controller do you understand yeah you you are but
you're doing the axios stuff and all of this stuff but you you're like have you have a one big object with with the crud actions uh received and then you don't have to you know use those those nouns like create articles show me one article or two you know it's you you you are more restful even though you don't necessarily have to be restful but it's it is it is more more rest like you know and i like this a lot because you know i'm so fed up with myself or something that's what i would go with uh probably not definitely check that out oh god i should we should have more of these sessions because i love the feedback i love the feedback all right folks uh this will that do it for me uh we've been at it for hour and a half i guess you guys need to eat some breakfast or whatever you're doing no it's lunch time okay uh i think my wife is calling on me so thank you very much and thank you viewers and i will be online later today tonight actually to do some um uh i have a testing session that i would like to to run and we're also going to run our agile ventures event later today so if you haven't signed up for agile ventures please go ahead and do that it's a fantastic opportunity to get together with other developers and do some social coding more on that at some other time thank you very much everyone stay cool and stay safe thank you thomas and have a great ascension thank you
Info
Channel: Craft Academy
Views: 588
Rating: 5 out of 5
Keywords: games, twitch
Id: aLXuOH0S76I
Length: 94min 20sec (5660 seconds)
Published: Thu May 13 2021