Assignment 7

Tracking Album Creators

Update the Create and Edit Album routes so that only authenticated users can access them. You can use the custom-auth middleware that we created in class. Also, hide the “New Album” link if a user isn’t authenticated. You will address controlling the visibility of the “Edit” link later in this assignment.

Update the albums table with a foreign key column called user_id using a migration. This column should be nullable. This column will be used to keep track of who creates albums.

In your database, write a SQL statement to update albums.user_id with the id of the user that you created in Assignment 6.

Update the New Album page that we did in class to assign albums.user_id with the authenticated user’s id.

Update the albums table page to include the name of the user who created the album.

Authorization for Editing Albums

Update the Edit album feature to only allow users to edit the albums that they created. Also, any user with a role of admin (currently this only consists of the user) should be able to edit any album. Be sure to add authorization logic to the following:

  1. The edit and update methods in the AlbumController
  2. The “Edit” link in the albums table, which should be hidden if a user can’t edit an album.

If a user isn’t authorized to edit an album, redirect them to Laravel’s default 403 page.

You must use either Gates or Policies for the authorization logic.
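
The owner-or-admin rule above, written as the decision a policy's update method would make. This is an added example, not part of the assignment or the in-class code. The class name AlbumPolicy, the role column on users, and the stand-in User and Album classes (used so the file runs without Laravel) are assumptions, as is the choice to treat albums with a NULL user_id as editable by admins only.

```php
<?php
declare(strict_types=1);

// Stand-ins for the Eloquent models (assumption: users have `id` and `role`;
// albums have the nullable `user_id` column added by the migration).
final class User
{
    public function __construct(public int $id, public string $role = 'user') {}
}

final class Album
{
    // Database drivers can return ids as strings, so accept int, string or null.
    public function __construct(public int|string|null $user_id) {}
}

// Hypothetical policy class. In Laravel, one update() method like this can back
// both $this->authorize('update', $album) in the controller and @can in Blade.
final class AlbumPolicy
{
    public function update(User $user, Album $album): bool
    {
        if ($user->role === 'admin') {
            return true; // admins may edit any album
        }
        if ($album->user_id === null) {
            return false; // no recorded creator: deny everyone except admins
        }
        // Cast before comparing: "7" === 7 is false and would lock out the owner,
        // while a loose == would treat NULL and 0 as equal.
        return (int) $album->user_id === $user->id;
    }
}

// Constructed sample data.
$policy = new AlbumPolicy();
[$owner, $other, $admin] = [new User(7), new User(8), new User(1, 'admin')];
$cases = [
    'owner, int id'       => [$owner, new Album(7)],
    'owner, string id'    => [$owner, new Album('7')],
    'other user'          => [$other, new Album(7)],
    'no creator recorded' => [$other, new Album(null)],
    'admin, any album'    => [$admin, new Album(7)],
];
foreach ($cases as $label => [$user, $album]) {
    printf("%-20s %s\n", $label, $policy->update($user, $album) ? 'allow' : '403');
}
```

Using the same policy method for the controller check and for hiding the “Edit” link keeps the two from drifting apart; hiding the link alone does not stop a direct request to the edit or update route.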


Verify that your app has been deployed to Heroku.

Send an email to Brighton and me with the URL to your GitHub repository with the subject: “ITP 405 - Assignment 7”.