WEBVTT
Kind: captions
Language: en

00:00:00.030 --> 00:00:05.279
Okay now that we've set up the
permissions on our feed API let's go

00:00:05.279 --> 00:00:10.800
ahead and test it in the browser
okay so load up the terminal or the Git

00:00:10.800 --> 00:00:15.269
Bash window and make sure that the
Django development server is running and

00:00:15.269 --> 00:00:22.050
is refreshed with the latest changes then
let's open up the Google Chrome browser

00:00:22.050 --> 00:00:26.039
and you can see that I am currently
unauthenticated because I haven't

00:00:26.039 --> 00:00:31.859
checked the authorization box in the
ModHeader Chrome extension so let's leave

00:00:31.859 --> 00:00:36.840
it unauthenticated and let's just click
on the URL again and hit enter to reload

00:00:36.840 --> 00:00:41.670
the page you can see that this time
because we added the is authenticated or

00:00:41.670 --> 00:00:46.350
read-only permission the only thing that
we're allowed to do is read the objects

00:00:46.350 --> 00:00:52.890
in the API currently there are no objects
so it just returns an empty list so

00:00:52.890 --> 00:00:58.140
let's try adding authentication back to
the ModHeader Chrome extension and then

00:00:58.140 --> 00:01:02.789
refresh the page again you can see that
now we're authenticated we have the

00:01:02.789 --> 00:01:08.520
ability to create new status objects
let's add a new object called new object

00:01:08.520 --> 00:01:13.890
and hit post to create the new status
object now we're going to test what

00:01:13.890 --> 00:01:19.350
happens if we try and modify this object
from a different user this is to test

00:01:19.350 --> 00:01:22.360
the update own status permission

00:01:22.360 --> 00:01:27.119
so I'm going to head over to API forward slash login to

00:01:27.119 --> 00:01:32.579
generate a new login token for a
different user now I'm currently using

00:01:32.580 --> 00:01:40.980
the mark@londonappdev.com user so I'm going to authenticate with brooke@londonappdev.com

00:01:40.980 --> 00:01:46.619
password 1 2 3 and you can see
that we have a new token here so I'm

00:01:46.619 --> 00:01:50.729
just going to copy the contents of this
token and then I'm going to add a new

00:01:50.729 --> 00:01:57.810
row to the ModHeader extension by
clicking add request header and we're

00:01:57.810 --> 00:02:05.159
going to type authorization as the name
and the value is going to be token and

00:02:05.159 --> 00:02:10.890
I'm going to paste the token that I
added or that we just generated then I'm

00:02:10.890 --> 00:02:13.959
going to uncheck the first authorization token

00:02:13.959 --> 00:02:18.040
because we only want to use one at a
time and I'm going to use the second

00:02:18.040 --> 00:02:23.300
then I'm going to head back to the feed
API

00:02:23.300 --> 00:02:24.819
you can see here that now I am

00:02:24.819 --> 00:02:29.950
authenticated as brooke@londonappdev.com so what happens if I head over

00:02:29.950 --> 00:02:37.359
to the ID object with the ID of five
so I'm going to add five to the URL hit

00:02:37.359 --> 00:02:42.159
enter you can see that I'm unable to
modify this object because it isn't

00:02:42.159 --> 00:02:46.359
assigned to me the user profile doesn't match the ID that I'm currently

00:02:46.359 --> 00:02:54.010
authenticated as so let's go and create
a new item here so new item hit post and

00:02:54.010 --> 00:03:00.269
then go back to the root of the URL and
you can see that the user profile 3 is

00:03:00.269 --> 00:03:06.430
the user that I'm logged in as so if we
were to add forward slash 6 and modify

00:03:06.430 --> 00:03:14.079
this object you can see that I can
change the text changed text so for

00:03:14.079 --> 00:03:18.819
objects that I create I'm able to modify
but objects that I didn't create I'm

00:03:18.819 --> 00:03:23.060
unable to modify or delete

00:03:23.060 --> 00:03:27.010
ok so it appears that our permissions are working

00:03:27.010 --> 00:03:29.579
as expected

