WEBVTT

00:00.090 --> 00:04.470
Hello everyone and welcome to the second lesson about the permissions system

00:04.500 --> 00:06.180
in Django REST framework.

00:06.180 --> 00:09.290
Continuing the discussion we have started in the previous lesson,

00:09.320 --> 00:15.090
we're now going to see how to secure our review instances so that they can be updated or deleted only

00:15.090 --> 00:16.720
by the same users

00:16.720 --> 00:23.690
who created them, and in order to do so we will first need to modify our Review model, binding it to Django's

00:23.700 --> 00:27.600
User model using a ForeignKey field. So, time to go.

00:27.840 --> 00:29.250
Let's get started.

00:29.640 --> 00:33.150
As you can see I'm currently in the site administration interface.

00:33.150 --> 00:39.450
And that's because, considering that we want to actually update the Review model in order to get detailed

00:39.450 --> 00:46.680
information about the user that has created every single review instance, instead of simply having a string field,

00:46.710 --> 00:53.960
because of that it is better if we now just delete this instance, like so.

00:53.970 --> 01:00.400
So, in order to prevent any possible error with the migrations that we're going to run. And now we

01:00.430 --> 01:04.720
are in the models.py file of the ebooks app.

01:04.830 --> 01:09.180
The first thing that we need to do is to actually import the User model.

01:09.180 --> 01:11.730
We are going to see how to extend the User model

01:11.760 --> 01:13.470
later on during the course.

01:13.470 --> 01:18.240
But right now Django's User model is perfect for the task at hand.

01:18.240 --> 01:29.960
So: from django.contrib.auth.models import User. And now I can just go ahead and update

01:29.990 --> 01:31.740
the review_author field,

01:31.760 --> 01:40.460
which is now going to be a ForeignKey linked to the User model; we have on_delete

01:40.890 --> 01:43.540
equals models.CASCADE.
01:43.910 --> 01:53.070
So I'm not going to stop the development server; I'm going to open up a new terminal so I can run manage.py

01:53.070 --> 01:56.510
makemigrations.

01:56.580 --> 02:01.470
And as you see there is a message that pops up: you are trying to change the nullable field review_author

02:01.470 --> 02:07.920
on review to non-nullable without a default, and so on. But considering that we've just deleted

02:08.100 --> 02:14.830
all the existing review instances we had, you can just select 1, and here I'm going to type None.

02:15.060 --> 02:22.400
So: Migrations for ebooks, alter field review_author on review. And now python manage.py

02:22.470 --> 02:33.430
migrate. Perfect. We can close this, and we can also modify the serializer, ebooks/api/serializers

02:33.590 --> 02:36.990
.py, and we can modify it this way.

02:36.990 --> 02:52.230
So review_author = serializers.StringRelatedField(read_only=True), and we

02:52.230 --> 02:58.320
are passing read_only=True because we want to automatically bind the request user to the

02:58.320 --> 03:04.510
review_author field, and we're going to do that from within the appropriate view.

03:04.530 --> 03:18.810
So here I'm just going to define review_author = self.request.user, and then right here

03:19.790 --> 03:29.610
below, minding again the white spaces, like so, I can just add review_author=review_author.

03:29.740 --> 03:34.550
So basically the same thing that we did for the book instances,

03:35.110 --> 03:38.620
but this time applied to the review author.

03:38.620 --> 03:45.630
We also need to set the permission_classes attribute in our ReviewCreateAPIView class.

03:45.700 --> 03:50.970
Considering that this time we really need to have the user authenticated,

03:51.060 --> 03:59.550
I'm just going to set permissions.IsAuthenticatedOrReadOnly.

03:59.830 --> 04:02.080
So let's now check the code right away.
04:02.080 --> 04:06.320
I'm going to rerun the development server, like so.

04:07.290 --> 04:19.820
Okay, let's go back to Chrome, and here we can go to /api/ebooks and let's try to review Computer

04:19.820 --> 04:29.900
Networks. So, to review: we get Method Not Allowed as always, but you see we now only have two fields,

04:29.940 --> 04:36.530
review and rating, and considering that in fact I have chosen some really great books we can only give

04:36.530 --> 04:46.840
the maximum rating available, and here I'm going to write something, like so. Post. Perfect.

04:46.840 --> 04:49.600
You see that the review gets created and, as review author,

04:49.660 --> 04:52.830
we got admin, which is the user that I'm currently logged in with.

04:52.960 --> 04:59.350
So let's check the list endpoint, and it is perfect.

04:59.470 --> 05:07.060
There is one more thing that we need to set up regarding the reviews, and you see if I try to review

05:08.230 --> 05:12.580
Computer Networks once again, maybe using raw data,

05:12.580 --> 05:15.800
like so, then I'm going to delete all these fields.

05:18.040 --> 05:28.270
I can now press Post. You see a second review associated with admin has been created, and that's clearly

05:28.300 --> 05:33.560
not good because we only want one review for each book from each user.

05:33.910 --> 05:40.660
So let's see how we can tweak the code in the perform_create method to perfectly match our needs.

05:40.690 --> 05:46.840
We need to perform a validation check from within the perform_create method, which by the way is often

05:46.840 --> 05:49.960
a perfect place to perform such validation checks.

05:50.510 --> 05:55.640
And so I'm going to get a queryset, review_queryset

05:56.280 --> 06:04.930
= Review.objects.filter, and we can now check if a review author has already

06:04.930 --> 06:12.750
reviewed this specific ebook instance, so ebook=ebook,
06:12.870 --> 06:25.750
this instance, with review_author=review_author. You can use the exists method to check if the

06:25.750 --> 06:27.180
queryset is legit.

06:27.220 --> 06:37.980
So if review_queryset.exists(), and in that case we can raise a ValidationError.

06:38.040 --> 06:47.690
So first of all we need to import it, and actually remove this up here, and here: from rest_framework

06:47.760 --> 06:53.830
.exceptions import ValidationError, that I can now use.

06:53.920 --> 06:59.250
So here raise ValidationError

06:59.370 --> 07:12.030
and here we can pass a message like "You have already reviewed this book". So I'm now going to save and

07:12.280 --> 07:14.990
restart the development server once again.

07:15.010 --> 07:24.350
Perfect, like so. Let's go back to Chrome and let's try to review ebook 1.

07:24.350 --> 07:34.140
So, like so, review. And at the moment we can, because we have not yet reviewed the book; I'm going to

07:34.140 --> 07:35.740
give 5 stars.

07:35.990 --> 07:43.670
Post, and remember that the text field was optional. But let's try to review the book one more time; I'm

07:43.670 --> 07:46.440
going to write

07:46.710 --> 07:49.100
something, like so. Post.

07:49.290 --> 07:54.590
And you see we get an error, 400 Bad Request: You have already reviewed this book.

07:54.600 --> 07:55.840
Perfect.

07:55.980 --> 08:03.100
There is one last thing that we really need to add in order to make our review system secure,

08:03.180 --> 08:09.240
and that's a permission class to only allow review owners to edit specific review instances.

08:09.420 --> 08:19.420
And so in order to do that we can go back to the permissions module, and here we can define a class,

08:20.410 --> 08:25.540
IsReviewAuthorOrReadOnly,

08:25.930 --> 08:32.070
which this time is going to extend permissions.BasePermission.

08:32.560 --> 08:38.410
And so here we can override the has_object_permission method.
08:38.410 --> 08:47.690
We can delete this line, and here, first of all, to make it a bit more explicit than the one

08:47.710 --> 08:50.370
above, or maybe a bit more readable,

08:50.440 --> 09:00.280
we can do something like: if request.method in permissions.SAFE_METHODS, then we're going to return

09:00.760 --> 09:01.270
True.

09:01.540 --> 09:03.470
Otherwise we're going to return

09:04.210 --> 09:21.500
obj, this specific instance, .review_author == request.user. So let's save that; we can now

09:22.400 --> 09:24.280
import this new class.

09:25.130 --> 09:34.350
So here, IsReviewAuthorOrReadOnly, that we can actually use here in the ReviewDetail

09:34.370 --> 09:43.450
APIView class. So permission_classes = [IsReviewAuthorOrReadOnly].

09:43.460 --> 09:47.890
So now let's restart our development server.

09:47.990 --> 09:48.870
Perfect.

09:48.890 --> 09:57.940
So let's go back to Chrome and let's go to /api/reviews/1.

09:58.280 --> 10:00.640
You see we're currently logged in as admin.

10:00.670 --> 10:04.420
Therefore we can update a review.

10:04.420 --> 10:04.960
Perfect.

10:05.470 --> 10:07.930
However, let's now log out

10:07.930 --> 10:17.200
as admin, and let's log back in as standard, and you see now we cannot update the review.

10:17.200 --> 10:18.490
Clearly we are not

10:18.490 --> 10:23.230
the user that has created it. Let's go back to VS

10:23.260 --> 10:23.730
Code.

10:23.740 --> 10:28.950
Let's try to comment this out, like so, and let's restart the development server,

10:31.930 --> 10:37.380
so without any protection, of course, we could if we wanted to.

10:37.480 --> 10:48.680
But once again, with the permission class up and running, everything is much safer.

10:48.680 --> 10:49.210
Perfect.

10:49.440 --> 10:49.700
Okay.

10:49.700 --> 10:54.350
So that was it for this lecture about the permission system in Django REST framework.

10:54.350 --> 10:55.950
I really hope you enjoyed it.
10:55.970 --> 10:57.320
See you in the next lecture,

10:57.380 --> 11:01.550
where we are going to learn how to employ an authentication system for REST endpoints.