Build a Forum with Inertia and Laravel
This episode is for members only

Sign up to access "Build a Forum with Inertia and Laravel" right now.

Get started
Already a member? Sign in to continue
Playing
30. Discussion validation and authorization

Episodes

0%
Your progress
  • Total: 6h 54m
  • Played: 0m
  • Remaining: 6h 54m
Join or sign in to track your progress
01. Introduction and demo
6m 59s
0%
02. Getting set up
10m 36s
0%
03. Modifying registration for usernames
7m 15s
0%
04. Figuring out the forum layout
5m 57s
0%
05. Creating and listing topics
9m 15s
0%
06. Basic discussion listing
13m 33s
0%
07. Pinning discussions
4m 1s
0%
08. Tackling pagination in Inertia
8m 23s
0%
09. Customising pagination text in Laravel
52s
0%
10. Showing a discussion
6m 4s
0%
11. Setting up discussion posts
5m 53s
0%
12. Listing through discussion posts
5m 28s
0%
13. Adding more data to posts
8m 24s
0%
14. Adding pagination to posts
1m 35s
0%
15. Adding a post preview to discussions
4m 52s
0%
16. Adding the last reply to discussions
5m 54s
0%
17. Outputting discussion participants
8m 4s
0%
18. Limiting participants in the UI
5m 56s
0%
19. Ordering discussions by last post
4m 30s
0%
20. Handling deleted users
2m 31s
0%
21. Counting replies
8m 13s
0%
22. Building our first filter
8m 31s
0%
23. Highlighting current filters, and merging with pagination
5m 37s
0%
24. Adding auth specific filters
6m 40s
0%
25. Adding the topic filter
8m 18s
0%
26. Scaffolding the new discussion form
13m 29s
0%
27. Toggling the create discussion form
9m 2s
0%
28. Keeping form state
4m 59s
0%
29. Storing a new discussion
11m 29s
0%
30. Discussion validation and authorization
5m 1s
0%
31. Generating markdown for posts
8m 37s
0%
32. Toggling the markdown preview
7m 43s
0%
33. Fetching and displaying markdown
8m 6s
0%
34. Adding a markdown shortcut toolbar
5m 53s
0%
35. Dealing with SVG icons
7m 46s
0%
36. Creating the reply form
7m 48s
0%
37. Basic Inertia permission checking
6m 26s
0%
38. Creating replies to discussions
5m 37s
0%
39. Jumping to posts
11m 40s
0%
40. Automatically scrolling to posts
6m 18s
0%
41. Toggling post editing
7m 32s
0%
42. Editing posts
3m 36s
0%
43. Deleting posts
4m 21s
0%
44. Deleting discussions
6m 7s
0%
45. Setting up for best answers
7m 29s
0%
46. Toggling the best discussion answer
12m 14s
0%
47. Solved and unsolved filters
2m 23s
0%
48. Indexing discussions for search
8m 6s
0%
49. Searching discussions
12m 35s
0%
50. Debouncing search
2m 47s
0%
51. Adding mentionable functionality to forms
6m 32s
0%
52. Indexing users for mentioning
9m 9s
0%
53. Hooking up users for mentions
10m 10s
0%
54. Detecting and storing mentioned users
9m 54s
0%
55. Adding the mentioned filter
2m 26s
0%
56. Adding mentions to the markdown toolbar
1m 1s
0%
57. Adding mentions to the reply form
7m 21s
0%
58. Fixing up some unauthenticated state
1m 1s
0%
59. Fixing up post scrolling
1m 48s
0%
60. Reviewing SSR (Server-side rendering)
8m 20s
0%
61. Preventing parent posts from being deleted
2m 31s
0%
62. Improving solution marking
4m 9s
0%

Transcript

00:00
To finish off our new discussion form, we're going to go ahead and add in some authorization and validation. Now, authorization doesn't matter as much at this point, because anyone that's signed in can create a discussion. But later on, if we change that, we want that authorization in place just in case.
00:20
Most important thing here really is the validation. So let's go over to our create discussion form. First of all, I'm just going to go ahead and change around the button here. So let's search for that button and I'm going to just change the wording around.
00:37
So let's say start discussion. So all of that kind of makes sense. OK, so validation, how are we going to tackle this? Well, we're going to do this in a form request because from all of the actions in our forum, we're going to have authorization.
00:53
It makes sense to keep these both in a form request. All this does is replace out the standard request, but allow you to define things like whether the user is allowed to do something, e.g. authorization and also the validation rules. So let's make out a request in here.
01:08
And the format for this that we follow is store whatever we're storing. So in this case, a discussion and request. So let's actually reference Arton properly, and we now have our store discussion request, which we're just going to replace out in here. So store discussion request.
01:28
Let's open this up. That lives in HTTP and requests. We have authorized here. Let's send that to true just for now.
01:35
But let's focus on our validation rules. So these are quite simple. The title here is just required and we'll set a max here of 255, although you can control that. Let's set the body in here just required and we won't set a max.
01:51
And then the topic ID is slightly more complicated. Of course, it's required, but it also needs to exist within the topics table. So for this, we're going to go ahead and pull in the rule class. We're going to say exists.
02:05
We're going to pass in the topic namespace for the model, and then we're going to choose the column that it must exist by, which is the ID. OK, so validation now should just be working. Let's head over here and hit start discussion. And sure enough, you can see all of our validation rules are working and we're now displaying all of the validation errors.
02:28
So we'll finish up just by adding in some policies in here for the discussion just to add in the authorization to check whether we can create a discussion. But we're going to be focusing on these more later when we get to the posts where we're going to have the ability to check authorization for editing, marking best answer for the overall discussion and all that stuff. So let's just get started with authorization by making out a policy for the discussion model or any discussion instance. This is discussion policy and we register this over in auth service provider and we can add this under policies here.
03:07
So we're going to reference the discussion model and say that the policy attached to this is the discussion policy that's registered that now. If we head over to the discussion policy and we get rid of the constructor in here, we can just create any methods so we can say, can a user create a discussion? So in here, we'll bring in the user. We don't need a discussion because to create a discussion, we don't necessarily need to have a discussion.
03:36
And we're just going to return true. Later, if you have some kind of condition over whether a user can create a discussion, you can just add the logic in here. Then they won't be able to create a discussion. They don't have permission.
03:49
So to authorize this, we're going to go over here and say auth user can create. And we don't have a discussion instance, but we just want to pass in the full namespace to the discussion. So if we check this out now, try and create a discussion. Let's just say one more, one more body, and we'll go ahead and choose a topic that should work.
04:13
And yes, home topic does not exist. Let's just have a look at where that is. So that's in our form request. So let's go over to our store discussion request here and just put in the namespace for the topic.
04:29
Let's try this again. And there we go, that's created. However, if we go over to our discussion policies, set this to false or whatever logic you have in there means that a user can't post a discussion. And we just try this again, just don't need a rubbish.
04:45
You can see we get a 403, this action is unauthorized. So we're going to switch that back to true. And now we've implemented some very basic authorization here that at the moment does nothing, but it gives us a good start. And of course, more importantly, we're also validating all of this as well.

Episode summary

In this episode, we wrap up our new discussion form by adding both validation and authorization. The cool thing is that even though everyone can create a discussion right now (as long as they're signed in), we set up the structure for authorization in case we want to restrict this later.

First, we focus on making sure the form fields are properly validated. We head over to our form and update the wording on our button to say "Start Discussion" to make things a bit clearer. Then, we dive into creating a custom form request, where we define validation rules: the title is required and has a max length, the body is required, and the topic ID is not only required but must exist in the topics table. This ensures that only valid data gets through and we display helpful validation errors to users if something’s wrong.

Next, we get the groundwork ready for proper authorization. We create a policy for our Discussion model and register it in the auth service provider. For now, the policy just returns true (everyone can post), but this sets us up to easily add more sophisticated rules later. We then test this out to see that everything works—if we switch the policy to return false, unauthorized users are blocked from creating discussions.

By the end of the episode, we have both validation and an extendable authorization system in place for discussions. This lays the foundation for more advanced features like editing discussions or marking best answers in the future.

Episode discussion

No comments, yet. Be the first!