WEBVTT

00:00.440 --> 00:04.640
So let's continue with the authorization.

00:05.480 --> 00:05.840
Okay.

00:05.880 --> 00:09.880
So what modifies Don Boudreaux over here?

00:10.160 --> 00:14.160
Let's say he will console.log.

00:20.040 --> 00:21.120
With undefined.

00:21.240 --> 00:21.720
Okay.

00:23.160 --> 00:30.160
And if you, if we boost the role but will not provide anything, let's say.

00:36.200 --> 00:37.880
It will return empty array.

00:38.360 --> 00:45.800
Right now we need to check a little bit if required.

00:45.800 --> 00:46.200
Role.

00:52.120 --> 00:53.000
Known as it.

00:53.960 --> 00:58.760
It means we will allow perform the action because we don't require anything.

00:58.960 --> 00:59.280
Right.

00:59.320 --> 01:03.070
So for that reason we will return true over here.

01:03.950 --> 01:04.430
Okay.

01:05.030 --> 01:07.910
And we need to check one more thing if required.

01:08.470 --> 01:09.470
Role length.

01:12.030 --> 01:13.110
Equals zero.

01:14.470 --> 01:15.390
We need to return.

01:15.390 --> 01:15.670
True.

01:15.710 --> 01:16.190
Also.

01:18.390 --> 01:27.710
Let me pass this thing with a role as roles.

01:28.870 --> 01:29.430
All right.

01:31.110 --> 01:31.510
Okay.

01:31.510 --> 01:36.630
We need to check that if we don't provide anything.

01:38.190 --> 01:38.750
Okay.

01:40.270 --> 01:50.230
Or we provide it with empty, it means we will allow any user can perform this action right now, the

01:50.230 --> 01:51.470
first thing I want to check.

01:51.870 --> 01:56.790
And we need to check if required.

01:56.790 --> 01:57.230
Role.

02:00.350 --> 02:01.070
Right here.

02:02.470 --> 02:03.820
If skin.

02:03.820 --> 02:05.380
Close the admin.

02:06.620 --> 02:07.180
Okay.

02:08.540 --> 02:11.260
And the current users.

02:11.780 --> 02:16.220
Let me create the current user.

02:34.380 --> 02:39.100
And if the current user is admin.

02:45.060 --> 02:47.100
Sorry, you got it wrong.

02:47.860 --> 02:49.340
Is admin.

02:53.060 --> 02:53.740
Right here.

02:54.660 --> 02:55.860
We will allow.

02:56.380 --> 02:57.060
Allow us.

02:57.060 --> 02:57.500
Right.

03:03.020 --> 03:05.140
If it's at a require right?

03:05.780 --> 03:09.660
We have the admin and the current user.

03:09.700 --> 03:10.780
We also admin.

03:10.820 --> 03:14.100
We will allow it to perform the action.

03:16.340 --> 03:25.340
And we do just one more thing if required include if we include the user and the current user.

03:27.420 --> 03:29.700
A also the user.

03:30.500 --> 03:45.100
We will allow plurals, but we will not allow this because we want only the user has its own resource

03:45.140 --> 03:45.940
can be.

03:48.020 --> 03:48.700
Retrieved.

03:48.700 --> 03:49.100
Right.

03:49.580 --> 03:58.180
And with a little bit more than that in here we need to check the current user.

04:02.820 --> 04:03.580
Right here.

04:04.340 --> 04:04.740
Okay.

04:04.740 --> 04:05.970
For User ID.

04:06.770 --> 04:12.890
Current user dot underscore ID and resource ID.

04:13.650 --> 04:14.170
Okay.

04:14.210 --> 04:19.730
We will request.param.id okay.

04:19.770 --> 04:22.490
For example inside here in order to update.

04:24.930 --> 04:25.690
The user.

04:28.970 --> 04:32.690
Right here it needs to pass the user ID right.

04:33.330 --> 04:38.690
So for example here we will retrieve the id based on the param.

04:40.210 --> 04:42.610
We need to check if the user id.

04:45.410 --> 04:50.610
Is the same with id we will return true okay.

04:50.610 --> 04:52.250
If not, we will throw new.

04:54.850 --> 04:55.650
Forbidden.

04:56.890 --> 04:57.650
Exception.

05:09.800 --> 05:12.760
We always, um.

05:14.840 --> 05:15.480
You know.

05:19.360 --> 05:20.120
Do not.

05:27.000 --> 05:27.400
Uh.

05:31.400 --> 05:35.240
You cannot perform this action.

05:36.800 --> 05:38.680
Okay, I will scroll across.

05:39.160 --> 05:46.560
And if not, if it doesn't accept anything is, uh, any block right here, it will throw the error

05:47.720 --> 05:48.440
with the.

05:50.640 --> 05:52.520
Same message right here.

05:54.760 --> 05:55.360
Okay.

05:55.720 --> 05:59.240
Actually, you can change the message right here a little bit.

06:02.440 --> 06:03.200
Let me say.

06:06.360 --> 06:09.430
So all about the video.

06:09.830 --> 06:11.870
I already changed the message a little bit.

06:12.190 --> 06:12.910
Right here.

06:13.350 --> 06:14.430
In better way.

06:14.710 --> 06:22.710
You can only access your own resource and you do not have enough permission in here.

06:22.750 --> 06:24.310
It's much more better.

06:25.670 --> 06:27.870
And let's see how it works.

06:33.350 --> 06:34.790
For now, for the more inside.

06:34.790 --> 06:39.590
I mean, if I perform the action, we will get an error, right?

06:39.590 --> 06:41.110
You do not have enough.

06:41.150 --> 06:41.870
But this one.

06:42.750 --> 06:43.390
Very cool.

06:43.390 --> 06:43.750
Right?

06:45.110 --> 06:46.750
Right here I will duplicate with.

06:49.190 --> 06:49.630
Right.

06:49.670 --> 06:50.550
My users.

06:51.870 --> 06:52.390
Okay.

06:52.750 --> 06:55.670
For example, right here.

06:58.390 --> 07:00.750
Let me open the database.

07:07.750 --> 07:14.590
Right now I will sign in with the account right here.

07:21.350 --> 07:21.870
Okay.

07:22.830 --> 07:28.030
And if I find the another account, let's say.

07:30.990 --> 07:34.550
Now you can only access your own resource.

07:36.110 --> 07:41.830
Right now, if I copy the own resource, I will say.

07:42.310 --> 07:45.550
Now you can say it already successfully.

07:46.190 --> 07:46.710
Right.

07:47.390 --> 07:55.110
That is how we can perform the authorization in this case.

07:55.550 --> 07:55.950
Okay.

07:55.990 --> 07:59.630
With the Reflector.

08:01.790 --> 08:02.750
And guard.

08:02.990 --> 08:06.790
So I hope you understand this video.

08:07.430 --> 08:09.270
I will see you in the next one.
