How to authorize user to view only their own created notes?

This content originally appeared on DEV Community and was authored by Ghulam Mujtaba

As in my last post, I learned how to access the database and display all notes from all users, as well as how to show notes created by a single user.

Diving into code

Today, I learned how to authorize users to view and edit only their own notes.

On VS Code Side

In a fresh VS Code (version 1.90 at the time of work), we have the following dependencies:

  • authenticate the user

  • create separate files to show responses to the user when they enter an ID to view a note

User Authentication

The authorization check allows users to view only the notes they created. If a user enters a non-existent note ID, the request is terminated using the abort function; if a user tries to access another user's note, a screen with the heading "Unauthorized" is shown.
All of these changes are made in the note.php file.

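<?php

$config = require('config.php');
$db = new Database($config['database']);

$heading = 'Note';
// Hard-coded for now; this stands in for the ID of the logged-in user.
$currentUserId = 1;

// The ID from the URL is bound as a parameter, not concatenated into the SQL.
$note = $db->query('select * from notes where id = :id', [
    'id' => $_GET['id']
])->fetch();

// No row with that ID: stop here and show the not-found page.
if (! $note) {
    abort();
}

// The row exists but belongs to someone else: 403.
// Cast before the strict comparison, because PDO can return integer
// columns as strings, and '1' !== 1 would reject the owner as well.
if ((int) $note['user_id'] !== $currentUserId) {
    abort(Response::FORBIDDEN);
}

require "views/note.view.php";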

When the user enters the ID of one of their own notes, that note is shown on the page.
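
The same not-found and ownership checks as one function, run against an in-memory SQLite table so the three outcomes can be seen side by side. This is an added example, not the author's code; the function name noteForUser, the integer validation of the ID and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: status constants mirror the Response class values on this page.
const NOT_FOUND = 404;
const FORBIDDEN = 403;

/**
 * Decide what the requesting user may see for a given note ID.
 * Returns [status, note|null]; the note row is only returned to its owner.
 */
function noteForUser(PDO $pdo, $rawId, int $currentUserId): array
{
    // Treat anything that is not an integer as "no such note".
    $noteId = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($noteId === false) {
        return [NOT_FOUND, null];
    }

    // Bound parameter, same query shape as note.php.
    $stmt = $pdo->prepare('select * from notes where id = :id');
    $stmt->execute(['id' => $noteId]);
    $note = $stmt->fetch(PDO::FETCH_ASSOC);

    if (! $note) {
        return [NOT_FOUND, null];
    }

    // Cast first: some PDO setups return integer columns as strings.
    if ((int) $note['user_id'] !== $currentUserId) {
        return [FORBIDDEN, null];
    }

    return [200, $note];
}

// Constructed sample data: note 1 belongs to user 1, note 2 to user 2.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table notes (id integer primary key, body text, user_id integer)');
$pdo->exec("insert into notes (body, user_id) values ('Alice note', 1), ('Bob note', 2)");

// User 1 requests their own note, another user's note, a missing ID and a non-numeric ID.
foreach ([1, 2, 99, 'abc'] as $requestedId) {
    [$status, $note] = noteForUser($pdo, $requestedId, 1);
    echo var_export($requestedId, true), ' => ', $status, ' ', $note['body'] ?? '-', PHP_EOL;
}
```

Returning 403 for an existing note and 404 for a missing one tells the requester which note IDs exist; answering 404 in both cases avoids that if it matters for your application.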

Response file

If a user enters the ID of a note that belongs to another user, the response code is checked and the relevant error file is executed.

<?php

class Response {
    const NOT_FOUND = 404;
    const FORBIDDEN = 403;
}

403 Error File

If the ID is present in the table but belongs to another user, a 403 error page is shown to the user, displaying a heading that reads "You are not authorized to view this page." and an underlined link 🖇️: "Go back home."

<?php require('partials/nav.php') ?>

<main>
    <div class="mx-auto max-w-7xl py-6 sm:px-6 lg:px-8">
        <h1 class="text-2xl font-bold">You are not authorized to view this page.</h1>

        <p class="mt-4">
            <a href="/" class="text-blue-500 underline">Go back home.</a>
        </p>
    </div>
</main>

404 Error File

When a user enters an ID that is not present in the database table, and so is not related to any note, an error page is shown to that user. It includes a heading that reads "Sorry. Page Not Found." and a blue link 🖇️: "Go back home."

<?php require('partials/nav.php') ?>

<main>
    <div class="mx-auto max-w-7xl py-6 sm:px-6 lg:px-8">
        <h1 class="text-2xl font-bold">Sorry. Page Not Found.</h1>

        <p class="mt-4">
            <a href="/" class="text-blue-500 underline">Go back home.</a>
        </p>
    </div>
</main>


I hope that you have clearly understood it.

