Views and Policies

Although maximum functionality is achieved by being a logged-in user, it is important to think of guest users browsing the site. Bearing that in mind, let's run through the abilities of guests and users:

Guest:

  • Home feed showing most recent posts from all subweddits
  • View subweddit and contents
  • View post and comments
  • Sign up

User:

  • Log in
  • Personalised home feed
  • Create subweddit
  • Follow Subweddit
  • Create Post
  • Post comment/reply

To preface: guest and user views could have been achieved in a cleaner way by creating separate routes in web.php that send a logged-in user to 'logged-in' views and everyone else to 'guest' views. As my AWS instance is running on micro, I chose to slim my application down so as not to overload my tiny server. Thus, I opted for using @auth and @guest in the Blade file. Not very clean, but effective and 'cost' efficient.

Starting with the index page:

If the page is viewed by a guest, display all posts from all subweddits, sorted by their 'created_at' attribute with the newest first.
[show this code]
If the page is viewed by a logged-in user, display their timeline.
[show this]

On a subweddit page:

A user will see a 'follow + delete' button; a guest will not.




On a post page:

For a guest, the form to create a comment or reply will link to log in or register; if a user is logged in, the form will be functional.





Laravel provides a simple way to authorize users through gates and policies, so for the pages and requests that require authorization, that is what I will use.

After creating a policy through php artisan, we can start setting what can and cannot be achieved by each user.

I will make and register 3 policies:

  1. Subweddit policy
  2. Post policy
  3. Comment policy

It is in these policies that I will state what level of authorization a user has. Apart from the auth/guest abilities stated at the top of the post, there are a few others that are important to note.

  • A subweddit can only be deleted by the subweddit mod
  • A post can only be edited by the post author and deleted by both the author and the subweddit mod
  • A comment can be deleted by the author and the subweddit mod

These policies can now be applied to routes as middleware.
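
The three rule sets listed above, as an added example that is not the blog's own code: plain PHP 8 classes shaped like Laravel policy methods (a user and a model in, a bool out). The stand-in models and the field names id, modId and authorId are assumptions, since the post does not show its schema.

```php
<?php
// Stand-in models with assumed fields; the real app would pass Eloquent models.
final class User { public function __construct(public int $id) {} }
final class Subweddit { public function __construct(public int $modId) {} }
final class Post { public function __construct(public int $authorId, public Subweddit $subweddit) {} }
final class Comment { public function __construct(public int $authorId, public Post $post) {} }

final class SubwedditPolicy
{
    // Only the subweddit mod may delete the subweddit.
    public function delete(User $user, Subweddit $subweddit): bool
    {
        return $user->id === $subweddit->modId;
    }
}

final class PostPolicy
{
    // Only the author may edit a post.
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->authorId;
    }

    // The author or the mod of the post's subweddit may delete it.
    public function delete(User $user, Post $post): bool
    {
        return $user->id === $post->authorId || $user->id === $post->subweddit->modId;
    }
}

final class CommentPolicy
{
    // The comment author or the mod of the subweddit it was posted in may delete it.
    public function delete(User $user, Comment $comment): bool
    {
        return $user->id === $comment->authorId || $user->id === $comment->post->subweddit->modId;
    }
}

// Constructed sample data: user 1 moderates, user 2 wrote the post, user 3 commented.
[$mod, $author, $commenter] = [new User(1), new User(2), new User(3)];
$post = new Post($author->id, new Subweddit($mod->id));
$comment = new Comment($commenter->id, $post);

var_dump((new PostPolicy)->update($mod, $post));                    // mod editing another user's post
var_dump((new PostPolicy)->delete($mod, $post));                    // mod deleting that post
var_dump((new CommentPolicy)->delete($author, $comment));           // post author deleting someone else's comment
var_dump((new SubwedditPolicy)->delete($author, $post->subweddit)); // non-mod deleting the subweddit
```

The @auth and @guest directives only decide what is rendered; checks like these on the server are what refuse an edit or delete request sent straight to the route.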



