WEBVTT

00:01.860 --> 00:02.460
Okay.

00:02.460 --> 00:08.370
In the last video, we've created a new method for creating users.

00:08.370 --> 00:12.630
And as you can see here at the moment, we have two users in our database.

00:12.840 --> 00:15.060
So I would like to show you something.

00:15.060 --> 00:22.710
If we go to the admin here and we have users here, that's two users that have been created.

00:22.710 --> 00:27.270
One was created with the superuser, another one we've created with Postman.

00:27.510 --> 00:31.770
And so all the information as we pass it will be here and that's fine.

00:31.770 --> 00:34.890
So we have the username and we also have the hashed password.

00:34.890 --> 00:42.750
But the problem is if we go to the tokens, we have only one token for the Christian, which is the

00:42.750 --> 00:43.650
first user.

00:43.650 --> 00:49.350
So Django is not automatically creating a token for each user we've created.

00:49.350 --> 00:51.960
So what we need to do is we need to fix it.

00:51.990 --> 01:00.090
If we go to the Serializers here and this is the method we have used for creating our user and the user

01:00.090 --> 01:06.340
is created correctly with this method, but we also need to create a token.

01:06.340 --> 01:08.830
So what we can do is we can do Token.

01:11.750 --> 01:15.560
And in the same way as we've done it with the users above, Token.

01:18.970 --> 01:28.330
objects and then we can do create and then we do user equal to user, because at this point we already

01:28.330 --> 01:29.110
have a user.

01:29.110 --> 01:34.120
It will be created, it will be returned to this variable and we have it available here.

01:34.120 --> 01:37.210
So this should be Token; we need to import it.

01:37.210 --> 01:43.240
So basically this object that has been created will be passed to the Token and will create a token from

01:43.240 --> 01:43.510
here.

01:43.510 --> 01:56.770
So now we need to import the Token: from rest framework authtoken models, import Token, and we have the

01:56.770 --> 01:57.100
token.

01:57.100 --> 02:00.550
So basically at this point it will work.

02:00.550 --> 02:07.750
What we can do here is we could pass this token to a return if we need it, but I don't think

02:07.750 --> 02:08.500
it's needed.

02:08.500 --> 02:14.890
So what we can do is we can just create it and we don't care at this point for a token.

02:15.250 --> 02:20.990
But you have the option to assign it to a variable and pass it in the return, and it will

02:20.990 --> 02:21.860
be available.

02:22.040 --> 02:23.690
So let's test it now.

02:23.690 --> 02:26.750
Let's go back to Postman and we have our post.

02:27.020 --> 02:31.790
Uh, let's change it for a post method so it will use username and password.

02:31.790 --> 02:34.640
And this time let's create a Christian three.

02:34.880 --> 02:36.410
So I will send it.

02:38.080 --> 02:39.520
Uh, it's not working.

02:39.520 --> 02:41.830
I think our server is not running, is it?

02:43.360 --> 02:46.150
Uh, we have invalid syntax.

02:49.690 --> 02:52.210
In our serializers, line four.

02:53.100 --> 02:54.180
So.

02:57.090 --> 02:58.740
Let's run it again.

02:58.740 --> 03:01.950
I think that was before we actually saved it.

03:01.950 --> 03:04.950
So we run it again and let's try.

03:06.050 --> 03:06.680
To send it.

03:06.680 --> 03:10.890
And you can see ID 3, which is the new user, and then username Christian three.

03:10.910 --> 03:14.190
Let's go to our admin and check if we have actually a token.

03:14.210 --> 03:18.460
So I'll refresh this page and in fact we have a token for Christian three.

03:18.470 --> 03:24.110
So at the moment we are creating users and this will create a token automatically for us.

03:24.110 --> 03:27.650
So that token will be available when we will try to log in.

03:27.800 --> 03:29.960
So let's do that login now.

03:29.960 --> 03:34.760
So I will do auth and that's our method for authentication.

03:34.760 --> 03:35.510
Our user.

03:35.510 --> 03:40.820
I will use the same username and password and we are expecting to see that new token and that will be

03:40.820 --> 03:41.480
the post method.

03:41.480 --> 03:42.650
So send.

03:43.680 --> 03:48.210
And you can see here the token, so the token ends with c06.

03:49.050 --> 03:52.380
And that's zero six for that Christian user.

03:52.560 --> 04:00.270
And at this point, we have our application kind of ready for this, but we can also do some extra steps

04:00.270 --> 04:01.740
to secure it.

04:01.740 --> 04:12.060
So by securing it, we can implement different ways that it will be restricted to, for certain users,

04:12.090 --> 04:14.400
a certain part of our application.

04:14.400 --> 04:17.850
So what we can actually do, we can go to the views.

04:18.700 --> 04:25.460
As we've done in the previous parts, we can also implement some permission classes.

04:25.480 --> 04:33.640
So first let's go to the settings and anywhere here we can create our settings for REST framework.

04:42.910 --> 04:43.660
Default.

04:53.250 --> 04:55.320
That's supposed to be singular.

05:08.360 --> 05:09.140
Like that.

05:09.170 --> 05:10.850
We've done that before.

05:10.850 --> 05:16.520
So basically what we are saying is default permission classes for the whole application will be IsAuthenticated.

05:16.520 --> 05:20.750
So we'll restrict our application to logged-in users only.

05:20.750 --> 05:25.160
So this IsAuthenticated is now available for all of this.

05:25.160 --> 05:33.410
So if I go here and let's say I will try to get the list of the movies and like that movies and then

05:33.410 --> 05:35.750
I will send it here and.

05:37.230 --> 05:39.420
Actually, we have some problems now.

05:39.560 --> 05:39.960
Uh.

05:41.820 --> 05:44.310
'str' object is not callable.

05:48.930 --> 05:49.590
Let's see.

05:49.590 --> 05:50.610
What is that?

05:52.810 --> 05:56.950
So, permission for permission in self.permission_classes.

05:57.100 --> 06:05.020
So I think we need to add it first inside our views, and in the movie we can call permission classes here

06:05.020 --> 06:16.120
and then we can do IsAuthenticated, and then we can do.

06:19.430 --> 06:21.770
From rest framework.

06:23.970 --> 06:25.470
Permissions.

06:26.010 --> 06:29.430
We can do IsAuthenticated like that.

06:29.430 --> 06:33.360
So basically, we're telling that this needs to be authenticated.

06:33.360 --> 06:35.610
Let's check if that was the error.

06:36.940 --> 06:40.240
And in fact authentication credentials were not provided.

06:40.240 --> 06:45.130
So if we use this token for the user three.

06:46.070 --> 06:49.190
We can actually authorize ourselves.

06:49.190 --> 06:53.140
We can use it in the headers and this is how we're going to use it in the front end.

06:53.150 --> 07:03.800
So I will put Authorization here and then the value will be Token, capital T, Token, space, and we can paste

07:03.800 --> 07:04.970
our string here.

07:04.970 --> 07:09.230
So we send it now and I can see the list of the movies is available.

07:09.230 --> 07:12.230
So what we can do is we can take this.

07:13.780 --> 07:15.640
And we can apply it for rating.

07:15.780 --> 07:22.900
We already have the token for the authorization, so the permission class here, IsAuthenticated, will be

07:22.900 --> 07:23.590
for this.

07:23.590 --> 07:30.040
But in fact, what we can do is, for example, it's really up to us how we would like to design this,

07:30.040 --> 07:36.400
but for permission classes we can do AllowAny; we need to also import this.

07:38.460 --> 07:45.660
From the same permissions, so AllowAny for movies, and we can do IsAuthenticated for rating.

07:46.020 --> 07:51.480
So I will save it now and let's say movies and I will disable this authorization.

07:51.930 --> 07:54.390
So the movies work without the authorization.

07:54.390 --> 07:55.830
If I go to ratings.

07:59.290 --> 08:00.820
I need to provide it.

08:01.800 --> 08:03.720
And you can see I can do that.

08:03.720 --> 08:11.150
So this all depends on us, how we would like to restrict certain parts of the application and we have

08:11.150 --> 08:13.100
full control over this.

08:13.110 --> 08:14.910
So let's say we will keep it like this.

08:14.940 --> 08:22.260
If we want to have ratings or create ratings, then you will need to have this authentication authorization

08:22.260 --> 08:32.160
and then we can have actually let's restrict all our movies as well because we'll kind of lock our application

08:32.160 --> 08:33.090
under the login.

08:33.090 --> 08:37.950
So we need to be logged in to see the application, so we will have it as IsAuthenticated.

08:39.360 --> 08:47.640
Another thing I would like to show you is we have our rate movie method here, and that means that we

08:47.640 --> 08:51.630
don't want to have the post method or a put method.

08:51.630 --> 08:57.180
So we have our rate method that will do either update or create a record.

08:57.180 --> 09:05.550
But in fact, in the model view set, if we go here, then we can have UpdateModelMixin, and that's

09:05.550 --> 09:09.030
one method that is available, this one.

09:09.330 --> 09:15.750
So it's kind of allowing the user to do something that we should restrict, because we have our own.

09:15.750 --> 09:22.620
So what we can do is if I will copy this update and go back to the views and on top of this rate movie,

09:22.650 --> 09:30.600
what we can do is I will come here and create another method and that method will be used instead of

09:30.600 --> 09:31.920
the Django built-in one.

09:31.920 --> 09:33.990
So what I can do is I can say.

09:37.090 --> 09:43.540
Message: you can't update.

09:45.960 --> 09:47.310
Rating like that.

09:48.600 --> 09:53.920
So this is what we have now, and then we can provide the message.

09:53.940 --> 09:58.920
Also, I can restrict the create one.

09:58.920 --> 10:04.980
So basically what we are saying is we overwrite the existing ones in Django so they won't be used; ours

10:04.980 --> 10:09.900
will be used and in fact we disable them because we are not going to do anything here.

10:09.900 --> 10:16.950
We'll just return the message "You can't do this", so you can't create ratings like that.

10:17.100 --> 10:18.870
So let's come back to our Postman.

10:19.350 --> 10:24.540
And you see we have our ratings, so let's try to post our rating.

10:24.540 --> 10:26.010
And then we go to the body.

10:26.010 --> 10:38.820
Then we do stars, let's say four, for a movie, movie, let's say one, and the user, we will just create

10:38.820 --> 10:41.970
a user and we will use user one.

10:41.970 --> 10:46.330
So let's try to use the normal post for the rating.

10:46.630 --> 10:48.100
And you can see here.

10:50.390 --> 10:51.590
Must make a unique set.

10:51.590 --> 10:58.340
So basically what is happening now is it's kind of restricted by the unique.

10:58.340 --> 11:04.650
But if we do something that is not already there, we don't have any rating for user two; if

11:04.670 --> 11:05.630
I'll send it now.

11:07.750 --> 11:09.880
We are still using this.

11:09.880 --> 11:12.640
And the reason for that is.

11:14.240 --> 11:16.820
Because I kind of put it in a wrong place.

11:16.820 --> 11:24.590
So if I will come back here and I will take it out, I should put it in the rating because that's what

11:24.590 --> 11:25.430
we want to restrict.

11:25.460 --> 11:28.490
We want to restrict putting our ratings from the ratings.

11:28.490 --> 11:30.500
So update and create will be disabled.

11:30.500 --> 11:36.170
So if I'll go back here, we will need to remove that ID five.

11:36.200 --> 11:42.890
So I will remove rating five from here first and I will try to send it again.

11:42.890 --> 11:48.650
So five has been removed and then let's do post again with the same data as we've done before.

11:48.650 --> 11:49.910
So send it now.

11:49.910 --> 11:56.810
And you can see here "you can't create a rating like this", and the same way it will be with update.

11:56.810 --> 12:05.210
So this is the way we can actually prevent using the default built in methods because if we use model

12:05.210 --> 12:08.330
view set, it will be open to everything.

12:08.330 --> 12:15.450
So it will be open to all the five methods, and if we want to stop using them, we can override them with

12:15.450 --> 12:19.740
our own custom code here and then we can just display some message here.

12:19.740 --> 12:24.570
So this is the way you can actually control your application.

12:24.570 --> 12:29.550
So far we have created a ready application.

12:29.550 --> 12:35.280
We have our authorization so we can log in the user, we can create a user along with a token, we can

12:35.280 --> 12:39.030
get that token and then we can authorize this.

12:39.030 --> 12:45.210
And we have a full model for movies and we have our own method for creating ratings.

12:45.210 --> 12:50.730
And at this point we are ready to move to another section, which is our front end.

12:50.730 --> 12:56.760
And in the front end we will use all that data that's coming from our database and we will use it as

12:56.760 --> 12:59.340
JSON to display that on screen.
