1
00:00:05,220 --> 00:00:10,110
Welcome back, everyone, to this lecture where we're going to apply user authentication protocols onto

2
00:00:10,110 --> 00:00:10,590
views.

3
00:00:10,980 --> 00:00:12,360
There's two ways of doing this.

4
00:00:12,360 --> 00:00:16,860
There's decorators for function based views and then mixins for class based views.

5
00:00:17,190 --> 00:00:18,390
Let's explore both of them.

6
00:00:19,600 --> 00:00:22,420
All right, here I am, back at our library project.

7
00:00:22,570 --> 00:00:28,240
The first thing I want to explore here is actually displaying something to the user, letting them know,

8
00:00:28,240 --> 00:00:29,920
Hey, you're actually logged in.

9
00:00:30,220 --> 00:00:35,680
We already know that Django's authentication system actually passes a user object that we can access

10
00:00:35,680 --> 00:00:37,060
inside the template.

11
00:00:37,540 --> 00:00:40,420
So what I'm going to do here is simply go to the index page.

12
00:00:40,660 --> 00:00:41,680
Remember, it's very simple.

13
00:00:41,690 --> 00:00:46,090
It just says home page, the total books and then the number available.

14
00:00:46,420 --> 00:00:51,010
What I want to do is actually have an if statement that says, Hey, if the user's authenticated, say

15
00:00:51,040 --> 00:00:51,910
you're logged in.

16
00:00:52,450 --> 00:00:57,310
So what I'm going to do here is add in an if statement that says if.

17
00:00:57,490 --> 00:01:04,330
And then we say user dot is underscore authenticated just as we've done previously.

18
00:01:05,379 --> 00:01:07,540
And then we'll say if the user's authenticated.

19
00:01:07,720 --> 00:01:13,630
I'll have a paragraph here that says you are logged in.

20
00:01:14,140 --> 00:01:20,170
And later on we can actually access attributes that are built in to the user, such as the username.

21
00:01:20,230 --> 00:01:22,780
They can check out the documentation for a list of all the attributes.

22
00:01:23,110 --> 00:01:32,740
But for example, I could say P and then insert the user dot and then we can say get user name.

23
00:01:35,280 --> 00:01:37,230
And then close that off.

24
00:01:37,800 --> 00:01:41,760
And I can say something like Welcome and then their username.

25
00:01:41,820 --> 00:01:48,750
So let's actually save this and let's check out and let's actually say else real quick here that we

26
00:01:48,750 --> 00:01:53,370
can say else if they're not logged, then we'll say you are not logged in.

27
00:01:54,740 --> 00:01:55,760
To see these changes.

28
00:01:55,760 --> 00:01:58,760
You may want to restart running this server.

29
00:01:59,120 --> 00:02:06,020
Control-C here and let's run that server and make sure you visit the server inside an incognito window.

30
00:02:06,290 --> 00:02:11,090
Sometimes, depending on your browser, it may start actually caching in information which is not super

31
00:02:11,090 --> 00:02:14,300
ideal because we're still playing around and changing the website a lot.

32
00:02:14,600 --> 00:02:17,630
We don't want it to accidentally cache that you're logged into the website.

33
00:02:18,080 --> 00:02:23,960
So we're going to do here is go back to your homepage and you should see now it say something like you

34
00:02:23,960 --> 00:02:28,640
are not logged in or remember to visit this incognito and also to restart the server.

35
00:02:28,880 --> 00:02:30,020
So I'm at my home page.

36
00:02:30,350 --> 00:02:33,500
I see the total books number available and it says I'm not logged in.

37
00:02:33,890 --> 00:02:41,330
Remember that we have the default account URLs that come with Django's user authentication system,

38
00:02:41,690 --> 00:02:44,840
which means based off the templates that we created earlier.

39
00:02:44,870 --> 00:02:47,750
So if you come back here, you can check with the templates.

40
00:02:47,750 --> 00:02:50,720
Remember we have under registration login.html.

41
00:02:51,110 --> 00:02:53,300
So let's explore that one real quick.

42
00:02:53,300 --> 00:02:55,220
So we're going to go to accounts.

43
00:02:56,370 --> 00:02:57,840
So we'll go to accounts.

44
00:02:57,990 --> 00:02:59,130
Forward slash.

45
00:02:59,970 --> 00:03:01,770
Log in, hit enter.

46
00:03:02,130 --> 00:03:06,870
And you're going to have a kind of disgusting form here because I haven't really stylized it, but we

47
00:03:06,870 --> 00:03:09,990
already know I can add a bootstrap in and other things that make this look a lot nicer.

48
00:03:10,350 --> 00:03:14,010
So let's put in the username and password for the user we created earlier.

49
00:03:15,580 --> 00:03:22,270
Remember we created this user in the admin and right now I'm going to say my user and the password I

50
00:03:22,270 --> 00:03:23,380
selected was simple.

51
00:03:23,380 --> 00:03:24,460
It was my password.

52
00:03:26,270 --> 00:03:27,320
One, two, three.

53
00:03:27,420 --> 00:03:32,410
I remember we also reconfigured the redirect that should go back to the homepage after logging in.

54
00:03:32,420 --> 00:03:34,040
So I'm very zoomed in here.

55
00:03:34,040 --> 00:03:36,530
You'll see something like this.

56
00:03:36,680 --> 00:03:37,670
So just keep that in mind.

57
00:03:38,210 --> 00:03:38,720
Log in.

58
00:03:39,550 --> 00:03:41,800
And now it says you are logged in.

59
00:03:42,100 --> 00:03:43,420
Welcome my user.

60
00:03:43,780 --> 00:03:44,050
Okay.

61
00:03:44,050 --> 00:03:45,550
So what have we proven so far?

62
00:03:45,880 --> 00:03:51,010
We've proven that we have the capability to create login pages based off the URL.

63
00:03:51,370 --> 00:03:57,100
We're able to actually log someone in and then we can detect whether or not they're logged in with just

64
00:03:57,100 --> 00:03:57,770
those features.

65
00:03:57,790 --> 00:04:00,250
You now have very powerful tools available.

66
00:04:00,610 --> 00:04:02,860
Because if you go back to the templates.

67
00:04:03,040 --> 00:04:07,810
So if we come back here to our index page, the fact that I can check if a user is authenticated.

68
00:04:08,110 --> 00:04:13,930
That means later on I'll be able to check the user's particular ID and then make calls to my models

69
00:04:13,930 --> 00:04:15,940
and start collecting things based off their ID.

70
00:04:16,300 --> 00:04:19,779
That's how we can start to begin to build things like a profile page.

71
00:04:20,649 --> 00:04:26,590
So so far, we haven't actually restricted anything based on somebody being logged in and authenticated.

72
00:04:26,740 --> 00:04:30,940
We're just showing them different information if they're logged in versus not logged in.

73
00:04:31,420 --> 00:04:36,760
So what I want to move towards now is actually authentication based restriction of pages.

74
00:04:36,790 --> 00:04:42,040
That is to say, you're not even allowed to see the content of the page if you're not logged in.

75
00:04:42,460 --> 00:04:44,230
Anybody can still see our homepage.

76
00:04:44,260 --> 00:04:46,960
It just displays differently if they're logged in or not.

77
00:04:47,200 --> 00:04:52,630
But what if I want a particular page to not even show up and just tell the person, Hey, you have to

78
00:04:52,630 --> 00:04:54,400
be logged in to see this page?

79
00:04:54,400 --> 00:04:59,230
It's actually restricted based off who you are and whether or not you're authenticated.

80
00:04:59,590 --> 00:05:01,030
Let's explore how we can do that.

81
00:05:02,560 --> 00:05:03,070
To begin.

82
00:05:03,070 --> 00:05:06,810
What I want to do is in the same way, create a log in HTML.

83
00:05:06,910 --> 00:05:10,000
I'm going to create a very simple log out page.

84
00:05:10,330 --> 00:05:14,230
That way the user has the ability to log in or log out.

85
00:05:15,580 --> 00:05:21,100
In fact, right now, if you were to go to forward slash accounts, forward slash logout, you would actually

86
00:05:21,100 --> 00:05:27,160
see your user being logged out but taken to the Admin Logout page, that's not exactly what you want.

87
00:05:27,190 --> 00:05:32,350
In fact, it'd be more convenient if we could say, Hey, our own little page here, you've been logged

88
00:05:32,350 --> 00:05:32,590
out.

89
00:05:32,980 --> 00:05:36,720
That also means that we need some sort of button to activate being logged out.

90
00:05:36,730 --> 00:05:37,960
So let's check it out.

91
00:05:39,400 --> 00:05:43,510
I'm going to underneath registration, create a new template.

92
00:05:44,200 --> 00:05:45,490
So I'll say new file.

93
00:05:45,880 --> 00:05:50,650
And this one under registration again is going to be called logged.

94
00:05:50,890 --> 00:05:53,890
Underscore out dot HTML.

95
00:05:55,600 --> 00:05:58,250
And remember, these are kind of special, reserved template names.

96
00:05:58,250 --> 00:05:59,830
So you have to follow along with me here.

97
00:06:00,340 --> 00:06:04,690
So this is the page that actually shows up when someone has logged out.

98
00:06:05,080 --> 00:06:09,310
So keep in mind, they're already logged out by the time they click and get to this page.

99
00:06:09,700 --> 00:06:14,140
Essentially, that is to say there's going to be buttons on other pages that have the word.

100
00:06:14,320 --> 00:06:20,260
Click here to log out and then it redirects to this HTML page called logged_out.html that essentially

101
00:06:20,260 --> 00:06:25,960
informs Django, Hey, if this person has visited this page, use your administrative capabilities to

102
00:06:25,960 --> 00:06:27,100
log out this person.

103
00:06:27,520 --> 00:06:32,860
So that means on this page, if we begin to type out the doc, we really just need the information to

104
00:06:32,860 --> 00:06:36,370
say something like, you have been.

105
00:06:37,700 --> 00:06:38,270
Logged out.

106
00:06:39,020 --> 00:06:43,880
And then if we want to, we can also add in information to log back in.

107
00:06:44,090 --> 00:06:48,350
So we could, if we wanted to make a little button here that says, hey, click here to log in again

108
00:06:48,350 --> 00:06:53,120
so I can create an anchor tag that uses my URL routing.

109
00:06:53,390 --> 00:06:54,230
So let's try this.

110
00:06:55,810 --> 00:06:57,520
And then here I'm going to say.

111
00:06:58,610 --> 00:06:59,570
Your URL tag.

112
00:07:00,640 --> 00:07:04,870
And we'll have it for the login tag here.

113
00:07:05,530 --> 00:07:08,020
And then inside we're going to say click.

114
00:07:09,230 --> 00:07:09,980
Two.

115
00:07:10,550 --> 00:07:11,750
Well, let's just say click here.

116
00:07:12,940 --> 00:07:13,870
To log in.

117
00:07:15,390 --> 00:07:19,440
Remember this is the page that gets visited post being logged out.

118
00:07:21,390 --> 00:07:26,460
So the one last thing I need to add is some button somewhere that actually tells them to log out.

119
00:07:26,610 --> 00:07:30,390
Well, the home page is probably a good example of that because remember, I'm only checking if the

120
00:07:30,390 --> 00:07:31,530
user's authenticated.

121
00:07:31,920 --> 00:07:36,510
I do not want to show a log out button if the user hasn't logged in yet.

122
00:07:36,870 --> 00:07:41,670
So be careful when you're designing your pages and templates that you're not always displaying a log

123
00:07:41,670 --> 00:07:48,090
out button or a login button that should actually be conditionally chosen based off if the user is authenticated

124
00:07:48,090 --> 00:07:48,720
or not.

125
00:07:49,170 --> 00:07:53,940
Which means here I'm saying if the user is authenticated, they're logged in.

126
00:07:54,240 --> 00:07:58,020
Welcome user and I should give them the option to log out.

127
00:07:58,380 --> 00:07:59,810
Lots of different ways I can do this.

128
00:07:59,820 --> 00:08:04,320
One simple way is just with a reference to go to the log out HTML site.

129
00:08:04,890 --> 00:08:11,490
So here I'm going to put an anchor tag and the reference is going to be to a URL.

130
00:08:12,430 --> 00:08:14,650
And then it's going to be log out.

131
00:08:15,430 --> 00:08:17,710
So we'll say log out here.

132
00:08:18,640 --> 00:08:21,580
And then I'm going to set this up.

133
00:08:22,000 --> 00:08:30,250
Now, the question is, I should be using some sort of request path in order to have them go to another

134
00:08:30,250 --> 00:08:33,309
page after they're able to log out.

135
00:08:33,400 --> 00:08:37,030
Essentially, there's a next parameter that we can use.

136
00:08:37,090 --> 00:08:41,710
So I can append a special next parameter to the end of this URL.

137
00:08:42,190 --> 00:08:48,250
What this does is it's going to add a URL parameter called next that contains the address URL of the

138
00:08:48,370 --> 00:08:51,520
current page to the end of the linked URL.

139
00:08:52,330 --> 00:08:57,430
Essentially what that means is after the user has successfully either logged in or logged out, the

140
00:08:57,430 --> 00:09:02,650
views can then use that next value to begin to redirect the user back to the page where they actually

141
00:09:02,650 --> 00:09:05,080
first clicked that log in, log out link.

142
00:09:05,500 --> 00:09:09,550
It's technically optional to use something like this, but it's going to make the flow of your website

143
00:09:09,790 --> 00:09:10,960
make a lot more sense.

144
00:09:11,200 --> 00:09:12,010
So let's try it out.

145
00:09:13,030 --> 00:09:17,860
The notation for this is to say the following question mark here.

146
00:09:18,800 --> 00:09:20,480
Notice this all going inside the quotes.

147
00:09:21,020 --> 00:09:22,160
Then we're going to say next.

148
00:09:23,220 --> 00:09:25,770
Equal to and then we'll say request.

149
00:09:26,950 --> 00:09:27,730
Dot path.

150
00:09:28,600 --> 00:09:32,500
So notice there's essentially the request object that's being passed back with all the views that we

151
00:09:32,500 --> 00:09:32,950
always see.

152
00:09:33,280 --> 00:09:37,660
You can actually grab that path and then I'm using a little bit of URL encoding here to say next is

153
00:09:37,660 --> 00:09:39,220
equal to that request path.

154
00:09:39,910 --> 00:09:44,350
And similarly, if you're not logged in, I should probably have a link to the login page.

155
00:09:44,470 --> 00:09:45,850
So let's put that in as well.

156
00:09:46,330 --> 00:09:47,560
We're going to create an anchor tag here.

157
00:09:48,130 --> 00:09:50,310
And in fact, it's going to look extremely similar to this.

158
00:09:50,320 --> 00:09:53,380
So let's just copy and paste the work we've already done here.

159
00:09:54,750 --> 00:09:56,940
And just switch it with a log in.

160
00:10:00,500 --> 00:10:01,670
And then we can save that.

161
00:10:02,420 --> 00:10:02,720
All right.

162
00:10:03,110 --> 00:10:09,380
So I have index.html and it's checking whether or not someone is logged in and or logged out.

163
00:10:09,470 --> 00:10:12,110
And then we can actually say, if you're logged in, you can log out.

164
00:10:12,110 --> 00:10:13,970
If you're not logged in, then you can log in.

165
00:10:14,270 --> 00:10:14,570
Okay.

166
00:10:15,110 --> 00:10:18,320
So always be careful on making sure this logic is correct.

167
00:10:18,620 --> 00:10:21,830
You don't want to show someone a log out button when they're still logged out.

168
00:10:21,890 --> 00:10:22,790
So just be careful.

169
00:10:22,790 --> 00:10:27,020
If the user's authenticated, they're logged in, that means they should be able to log out.

170
00:10:27,320 --> 00:10:29,930
Otherwise, if they're not authenticated, they should be able to log in.

171
00:10:30,290 --> 00:10:31,580
So I'm going to save those changes.

172
00:10:32,000 --> 00:10:35,600
Let's go ahead and let's actually restart this server.

173
00:10:36,320 --> 00:10:38,180
Now, remember to be visiting this incognito mode.

174
00:10:38,180 --> 00:10:40,220
We don't actually have any caching issues here.

175
00:10:40,790 --> 00:10:46,790
And I'm going to refresh the page and you'll notice I'm refreshing here.

176
00:10:47,700 --> 00:10:49,230
And I see you are logged in.

177
00:10:49,230 --> 00:10:50,540
Welcome, my user.

178
00:10:50,550 --> 00:10:52,470
And we actually don't have any text here in the anchor tag.

179
00:10:52,560 --> 00:10:53,460
I forgot to fill that in.

180
00:10:53,520 --> 00:10:56,520
So let's click this to log out here.

181
00:10:57,210 --> 00:10:59,910
And then this is going to say, log in here.

182
00:11:01,260 --> 00:11:01,620
Okay.

183
00:11:01,680 --> 00:11:03,300
Now I'm going to refresh.

184
00:11:04,650 --> 00:11:05,070
There we go.

185
00:11:05,080 --> 00:11:06,300
Now I see logout here.

186
00:11:06,690 --> 00:11:13,200
If I click this, you'll notice it's going to say accounts logout, so click here and I'm no longer

187
00:11:13,200 --> 00:11:15,870
logged in, so it goes back and redirects me.

188
00:11:16,350 --> 00:11:22,920
So essentially what that did is it's able to, if I come back here, come to logged_out.html and then

189
00:11:22,920 --> 00:11:29,010
immediately redirect them to next, which is going to say, hey, go back to the current page that we're

190
00:11:29,010 --> 00:11:29,310
on.

191
00:11:29,820 --> 00:11:35,040
Let me show you what happens if I actually delete that so you can get an idea of what it's actually

192
00:11:35,040 --> 00:11:35,370
doing.

193
00:11:35,370 --> 00:11:36,240
So I'm going to hit.

194
00:11:37,480 --> 00:11:38,070
That.

195
00:11:38,080 --> 00:11:39,100
Let's save it.

196
00:11:39,520 --> 00:11:40,390
I'm going to.

197
00:11:41,540 --> 00:11:43,040
Refresh this and log in again.

198
00:11:43,130 --> 00:11:44,360
I'm currently not logged in.

199
00:11:44,840 --> 00:11:45,860
Going to log in here.

200
00:11:46,580 --> 00:11:47,390
My user.

201
00:11:47,960 --> 00:11:48,950
My password.

202
00:11:49,310 --> 00:11:50,270
One, two, three.

203
00:11:50,840 --> 00:11:54,590
I click log in and now I'm logged in my user.

204
00:11:54,830 --> 00:12:00,440
Remember when I clicked logged out here because I had that next capability, it essentially very quickly

205
00:12:00,440 --> 00:12:04,220
skipped going from logged_out.html to back to the home page.

206
00:12:04,310 --> 00:12:08,870
But if you actually wanted something to specifically tell the user, hey, you're logged out, I'm not

207
00:12:08,870 --> 00:12:14,990
redirecting you anywhere, then you can click log out here and it says you've been logged out and you

208
00:12:14,990 --> 00:12:16,630
can click back here to log in.

209
00:12:17,090 --> 00:12:20,660
So let me explain what's going on here again in terms of the template.

210
00:12:21,110 --> 00:12:25,610
So that is the behavior without this next requirement.

211
00:12:25,970 --> 00:12:32,180
So essentially what next does is it says, hey, the page you are currently on that is this request

212
00:12:32,180 --> 00:12:37,910
that came into this template has a path which in this case is index.html, our homepage. If you

213
00:12:37,910 --> 00:12:42,530
want, I can reattach that here to

214
00:12:42,530 --> 00:12:47,420
the URL that says, hey, once they're logged out, take me back to the homepage.

215
00:12:47,870 --> 00:12:50,660
This is going to depend on the behavior you want on your website.

216
00:12:50,960 --> 00:12:55,610
Do you actually want your website to have a specific page that tells a user, Hey, you've been logged

217
00:12:55,610 --> 00:12:55,850
out?

218
00:12:56,120 --> 00:13:00,920
Or would you rather just redirect them to the homepage telling them, By the way, you're no longer

219
00:13:00,920 --> 00:13:01,460
logged in?

220
00:13:01,880 --> 00:13:06,320
It's up to you whether or not the logged out page is important to you to show.

221
00:13:06,710 --> 00:13:12,110
But now let me show you behavior one more time with this next request path added in here.

222
00:13:12,590 --> 00:13:14,360
So remember, I'm currently logged out.

223
00:13:14,360 --> 00:13:15,380
Going to click here to log in.

224
00:13:16,410 --> 00:13:17,520
And when, say, my user.

225
00:13:18,560 --> 00:13:19,360
My password.

226
00:13:19,370 --> 00:13:20,240
One, two, three.

227
00:13:20,840 --> 00:13:23,660
I hit log in and I'm currently logged in.

228
00:13:23,780 --> 00:13:24,680
Welcome my user.

229
00:13:25,010 --> 00:13:26,420
Last time I clicked log out here.

230
00:13:26,450 --> 00:13:30,200
If I didn't have that next, it actually took me to logged_out.html.

231
00:13:30,500 --> 00:13:33,320
But now with the next it's going to redirect me automatically.

232
00:13:34,180 --> 00:13:35,620
And take me back to the homepage.

233
00:13:35,770 --> 00:13:39,910
So that's the sort of behavior that you get to decide what to choose and what to show.

234
00:13:40,750 --> 00:13:46,840
What we're going to do now is, as I mentioned, expand on this and show you how to use user authentication

235
00:13:46,840 --> 00:13:47,950
within views.

236
00:13:48,010 --> 00:13:51,120
So we've done a lot of work with templates, but what about views?

237
00:13:51,130 --> 00:13:54,340
I want to actually block somebody from even viewing something.

238
00:13:54,700 --> 00:13:59,740
And that depends if you have a view that is function based versus class based.

239
00:14:00,190 --> 00:14:01,840
So let's go to our views.

240
00:14:02,050 --> 00:14:03,520
So here I am at views.py.

241
00:14:03,850 --> 00:14:09,490
Remember, we have our index page here and we also have the ability to create a new book as well as

242
00:14:09,490 --> 00:14:10,300
detail a book.

243
00:14:10,870 --> 00:14:14,430
I'm going to create a very simple view.

244
00:14:15,730 --> 00:14:19,840
It's going to be called my view takes in a request.

245
00:14:20,950 --> 00:14:24,490
And then this is what this is going to do is simply return.

246
00:14:25,480 --> 00:14:28,050
Um, actually let's just render a new template.

247
00:14:28,060 --> 00:14:33,970
So I'm going to render a template that's, let's say, special and it says, hey, welcome to the page.

248
00:14:33,970 --> 00:14:35,530
Only logged in users can see this.

249
00:14:35,530 --> 00:14:42,940
So I'm going to say request here and I'm going to say catalog forward slash, let's say special.

250
00:14:44,440 --> 00:14:46,660
Actually just call it the same as my view.

251
00:14:46,960 --> 00:14:48,010
Dot HTML.

252
00:14:49,030 --> 00:14:50,620
And if I want, I can pass any context.

253
00:14:50,620 --> 00:14:51,970
But there's no context that exists here.

254
00:14:52,510 --> 00:14:53,590
So go ahead and save this view.

255
00:14:53,650 --> 00:14:55,190
Again, it's a function based view.

256
00:14:55,210 --> 00:14:56,470
My view render a request.

257
00:14:56,800 --> 00:14:57,880
Catalog my view.

258
00:14:58,070 --> 00:14:58,450
HTML.

259
00:14:58,480 --> 00:15:04,150
Main idea here is I only want authenticated users to be able to see this, so I still need to make that

260
00:15:04,150 --> 00:15:04,510
template.

261
00:15:04,720 --> 00:15:05,770
We'll say new file here.

262
00:15:06,700 --> 00:15:07,380
Going to call it.

263
00:15:08,320 --> 00:15:15,010
My view dot HTML. So far, what we understand is I can grab the user and say, okay, if the user's

264
00:15:15,010 --> 00:15:17,740
authenticated, show them something on this HTML.

265
00:15:18,130 --> 00:15:21,070
That's actually not exactly what I want to hear or do here.

266
00:15:21,160 --> 00:15:26,830
What I want to do is actually restrict access to this view entirely and say, Hey, sorry, you're not

267
00:15:26,830 --> 00:15:31,690
going to have access to even see something from this HTML if you're not logged in.

268
00:15:31,840 --> 00:15:37,660
So I'm just going to create a very simple heading that says Logged in users only.

269
00:15:38,690 --> 00:15:39,800
And save that.

270
00:15:39,800 --> 00:15:44,090
And let's go to our urls.py and let's add in that view.

271
00:15:44,390 --> 00:15:45,410
So I'm going to say path.

272
00:15:46,460 --> 00:15:46,850
Here.

273
00:15:47,980 --> 00:15:50,860
And it's going to be called my view.

274
00:15:51,490 --> 00:15:59,620
So this is forward slash my view and this is from views dot my view and we can give it a name of.

275
00:16:00,590 --> 00:16:01,140
My view.

276
00:16:02,230 --> 00:16:03,890
Then go ahead and save that.

277
00:16:04,280 --> 00:16:06,110
And if you want you can link this formally.

278
00:16:06,110 --> 00:16:11,210
But we'll just go to catalog forward slash my view to see what actually happens here.

279
00:16:11,240 --> 00:16:13,730
Now, remember, we haven't actually done any restrictions.

280
00:16:13,880 --> 00:16:18,680
We haven't done any restrictions on template side of things and I haven't done any restrictions on the

281
00:16:18,680 --> 00:16:19,370
view side of things.

282
00:16:19,370 --> 00:16:21,230
I just created a very simple function based view.

283
00:16:21,710 --> 00:16:28,850
So if I go to that page right now on my home page, notice I'm not logged in and if I go to forward

284
00:16:28,850 --> 00:16:29,780
slash catalog.

285
00:16:30,910 --> 00:16:33,460
My view and enter this is logged in users only.

286
00:16:33,490 --> 00:16:37,030
Obviously I don't want that behavior because I'm currently not logged in.

287
00:16:37,390 --> 00:16:42,640
So how can we add a simple decorator call that requires a log in to see that page?

288
00:16:43,510 --> 00:16:45,400
Well, it's super easy with Django.

289
00:16:45,880 --> 00:16:51,880
You scroll up to the top and for function based views, you're going to go from Django dot contrib.

290
00:16:52,670 --> 00:16:55,580
Dot auth dot decorators.

291
00:16:56,270 --> 00:17:02,090
You're going to import the super simple decorator called login required and this allows you to just

292
00:17:02,090 --> 00:17:05,630
decorate a function to require login to see that page.

293
00:17:06,230 --> 00:17:13,339
So we scroll down here and then I simply decorate that function with at log in required.

294
00:17:14,359 --> 00:17:15,800
Go ahead and save that change.

295
00:17:15,950 --> 00:17:17,849
And that's the very simple code.

296
00:17:17,869 --> 00:17:20,290
I'm just decorating it with this.

297
00:17:20,300 --> 00:17:22,490
And so come back to my home page here.

298
00:17:22,970 --> 00:17:23,859
Refresh this.

299
00:17:23,869 --> 00:17:25,130
I'm currently not logged in.

300
00:17:25,550 --> 00:17:29,690
Let's see what happens if I go to catalog forward, slash my view.

301
00:17:30,700 --> 00:17:32,830
It says, please log in to see this page.

302
00:17:33,100 --> 00:17:34,480
Notice that was automatic.

303
00:17:34,510 --> 00:17:36,190
In fact, I didn't even have to write this.

304
00:17:36,460 --> 00:17:38,890
It essentially just takes you back to the log in page.

305
00:17:39,190 --> 00:17:43,170
So now the user doesn't even get the chance to see anything.

306
00:17:43,240 --> 00:17:48,370
If the user's authenticated, show them this piece of template, etc. This is no longer happening

307
00:17:48,370 --> 00:17:53,020
at a template level, which means this is essentially higher security because it's not actually giving

308
00:17:53,020 --> 00:17:57,490
them the chance to maybe view the source code and try to decipher what's being shown to them and what's

309
00:17:57,490 --> 00:17:57,850
not.

310
00:17:57,880 --> 00:18:01,780
It's basically a redirect to the login page to see that.

311
00:18:02,380 --> 00:18:06,370
So the other way to do this, again, this was for a function based view.

312
00:18:06,850 --> 00:18:11,980
The other way to do this for a class based view would be something like a mixin.

313
00:18:12,040 --> 00:18:13,600
So let's show you how to do that.

314
00:18:14,050 --> 00:18:20,410
Remember, right now I have the book creation form, which is available to anybody that can log in and

315
00:18:20,410 --> 00:18:21,640
just create a new book.

316
00:18:21,730 --> 00:18:26,890
So if you go to urls.py, remember I can just go to forward slash create book and anybody can do that.

317
00:18:26,920 --> 00:18:28,330
So let's actually try it out right now.

318
00:18:28,990 --> 00:18:32,110
So if I go, let's say back to my home page.

319
00:18:33,380 --> 00:18:35,870
So let's go back to my home page here.

320
00:18:36,560 --> 00:18:37,700
So I have the home page.

321
00:18:37,730 --> 00:18:40,580
Now I'm going to go to catalog forward slash, create book.

322
00:18:41,610 --> 00:18:45,480
And as we mentioned a few times, this is probably the sort of page where you don't want anybody to

323
00:18:45,480 --> 00:18:47,600
just be able to visit, create new book.

324
00:18:47,610 --> 00:18:49,090
They should actually be logged in.

325
00:18:49,110 --> 00:18:53,610
And then later on, we can say not only do they need to be logged in, but the user needs to be part

326
00:18:53,610 --> 00:18:55,860
of the group that is equal to librarian.

327
00:18:56,190 --> 00:19:00,540
Remember, we can actually now create groups of users and that way I can start filtering.

328
00:19:00,570 --> 00:19:06,330
Hey, if the user is authenticated and the user group is equal to librarian, then they can access this

329
00:19:06,330 --> 00:19:07,770
page and start filling out the form.

330
00:19:08,310 --> 00:19:10,710
So let's say I actually want to block this.

331
00:19:11,250 --> 00:19:17,550
Well, I can come back to views.py and book create is a create view.

332
00:19:18,030 --> 00:19:23,100
Remember previously I used a decorator and a decorators view to make sure it was logged and restricted.

333
00:19:23,460 --> 00:19:26,090
But as I mentioned, for class based views, it's a mixin.

334
00:19:26,790 --> 00:19:31,350
So we say from Django dot contrib dot auth dot.

335
00:19:32,390 --> 00:19:34,240
Mixins import.

336
00:19:34,880 --> 00:19:37,400
And this one is the login required mixin.

337
00:19:37,880 --> 00:19:39,140
It's super simple to use.

338
00:19:39,140 --> 00:19:42,920
You just come back down here and you essentially pass it into the view.

339
00:19:43,980 --> 00:19:45,630
You mix it in, so to speak.

340
00:19:45,810 --> 00:19:46,890
That's where the name comes from.

341
00:19:47,070 --> 00:19:49,630
So we'll say required mixin.

342
00:19:49,630 --> 00:19:51,570
Then make sure you spell that right.

343
00:19:51,960 --> 00:19:54,990
But now it's required that you're logged in to see.

344
00:19:54,990 --> 00:19:55,590
Book create.

345
00:19:56,040 --> 00:19:57,270
So I'm going to save that change.

346
00:19:58,080 --> 00:20:00,030
Let's go back to our homepage.

347
00:20:01,580 --> 00:20:03,150
So here I am back at the homepage.

348
00:20:03,170 --> 00:20:04,850
I'm currently not logged in.

349
00:20:05,210 --> 00:20:08,300
If I try to go to forward slash now create book.

350
00:20:10,060 --> 00:20:12,460
Then I have to say log in to see this page.

351
00:20:12,490 --> 00:20:14,030
Let's actually log in now and see what happens.

352
00:20:14,470 --> 00:20:15,370
Say my user.

353
00:20:16,240 --> 00:20:17,200
My password.

354
00:20:17,230 --> 00:20:18,190
One, two, three.

355
00:20:19,030 --> 00:20:25,350
Hit log in and now I'm forwarded, redirected back to the page that I was initially trying to see.

356
00:20:25,350 --> 00:20:26,740
And that's that next protocol.

357
00:20:27,040 --> 00:20:29,800
That's typically the behavior you want in your website.

358
00:20:30,040 --> 00:20:35,440
You want someone who, if they're being blocked and having to log in that once they log in, they get

359
00:20:35,440 --> 00:20:38,050
redirected back to the page they initially wanted to view.

360
00:20:38,380 --> 00:20:42,400
It doesn't really make sense to redirect the user back to the home page after you type in or find create

361
00:20:42,400 --> 00:20:43,150
new book again.

362
00:20:43,720 --> 00:20:44,080
All right.

363
00:20:44,500 --> 00:20:46,510
So what have we covered so far in this lecture?

364
00:20:46,660 --> 00:20:53,140
Well, we covered the two main ways of requiring user authentication to actually visit a view.

365
00:20:53,560 --> 00:20:58,900
One is decorator based for function based views, and one is mixin based for class based views.

366
00:20:59,170 --> 00:20:59,810
Super easy.

367
00:20:59,810 --> 00:21:04,960
You just do these two imports here and then you can begin to play around and add those into your views.

368
00:21:05,410 --> 00:21:12,820
The other thing we discovered is the ability to log in and log out as well as use your template and

369
00:21:12,820 --> 00:21:18,790
your Django template language to create views and templates that appear different depending if you're

370
00:21:18,790 --> 00:21:20,110
logged in or logged out.

371
00:21:20,560 --> 00:21:22,690
So keep those two ideas separate in your mind.

372
00:21:22,810 --> 00:21:28,060
There's the ability on the template side of things to display different information, whether the user

373
00:21:28,060 --> 00:21:30,400
is logged in or logged out.

374
00:21:30,790 --> 00:21:37,120
But then there's also the view side capability to actually require logins to even visit a page.

375
00:21:37,120 --> 00:21:39,880
And if they're not logged in, then we can redirect them to the login page.

376
00:21:40,360 --> 00:21:44,440
In order to log someone out you should have this logged_out.html.

377
00:21:44,770 --> 00:21:50,530
And then again, as we mentioned, it's up to you if you want to redirect them to the next page or if

378
00:21:50,530 --> 00:21:52,480
you just want them to stay on logged out.

379
00:21:52,490 --> 00:21:53,230
Dot HTML.

380
00:21:53,710 --> 00:21:53,950
Okay.

381
00:21:53,950 --> 00:21:54,850
That's it for this lecture.

382
00:21:54,880 --> 00:21:55,560
I'll see you at the next one.

