Update the Create and Edit Album routes so that only authenticated users can access them. You can use the custom-auth middleware that we created in class. Also, hide the “New Album” link if a user isn’t authenticated. You will address controlling the visibility of the “Edit” link later in this assignment.
Update the albums table with a foreign key column called user_id using a migration. This column should be nullable. This column will be used to keep track of who creates albums.
In your database, write a SQL statement to update albums.user_id with the id of the firstname.lastname@example.org user that you created in Assignment 6.
Update the New Album page that we did in class to assign albums.user_id with the authenticated user’s
Update the albums table page to include the name of the user who created the album.
Update the Edit album feature to only allow users to edit the albums that they created. Also, any user with a role of admin (currently this only consists of the email@example.com user) should be able to edit any album. Be sure to add authorization logic to the following:
- update methods in the
- Hide the “Edit” link in the albums table if a user can’t edit an album.
If a user isn’t authorized to edit an album, redirect them to Laravel’s default 403 page.
You must use either Gates or Policies for the authorization logic.
Verify that your app has been deployed to Heroku.
Send an email to Brighton and me with the URL to your GitHub repository with the subject: “ITP 405 - Assignment 7”.