Plan User Associations 0:00Now, the make colon auth command is really intended to be something you do at the very beginning of a project. Very likely, you're not going to work for six months and then run that command. No, you'd want to do that right when you install the project. So in our case, let's not use that command and instead figure out, well, how can we associate each post with a user and then display it here? Okay. Well, if we switch over to SQL Pro and give this a refresh, we do know that we have a users table because Laravel provided that migration out of the box, but we don't have any user. Create a User 0:27users table because Laravel provided that migration out of the box, but we don't have any user. So why don't we manually whip one up very quickly? New app user, and we'll need to provide a name, email, and password. All right. Name will be John Doe. User's email will be john at example.com. And then finally, user password. We never want to hard code these things. My secret password. Hash Passwords with bcrypt 0:51We never want to hard code these things. My secret password. You want to be careful about this. So if I were to save this, the end result, if I switch back to SQL Pro, give this a refresh, is that our password has been stored in what we would call clear text. And this is a very, very big no-no. Do not ever do this. If you set up a project and you go to the users table and the passwords column is in clear text, this is bad and you need to fix it. You always want to encrypt these things.clear text, this is bad and you need to fix it. You always want to encrypt these things. So that worst case scenario, if somebody does hack into your database, they don't get access to every single password because those could then be used to access their accounts on other websites. We always want to encrypt it. So I'm going to delete this and we're going to do it again. So we have our new user. We set the user's name. We set their email.We set the user's name. We set their email. But this time for the password, yeah, we're not going to hard code the password. Instead, we're going to run it through a function called bcrypt. You'll see that when we do this, it generates a unique secure token. And when the user tries to sign in, it will compare their provided password against this secure token. So now if we save it, and if I switch back to SQL Pro and give this a refresh, yes, this is what we want. A long, secure password that will be hard to break.is what we want. A long, secure password that will be hard to break. Much better. All right, so now we need some way to say John, we'll update his ID to 1, is the one who wrote some of these posts. But notice that, well, for posts, there's no connection, right? There's no area on the post to signal who is the person that created this. And the same would be true for comments. A comment is associated with a post, but it's not associated with a user. So let's adjust a couple things. Add user_id Migrations 2:33A comment is associated with a post, but it's not associated with a user. So let's adjust a couple things. I'm going to return to our create post table migration, and now we want a user ID associated with it. That way we can identify this post is associated with that user. Next, we're going to go to the create comments table migration, and we're going to do the exact same thing again. A comment belongs to a user, but it also belongs to a post. All right, so let's run phpArtisan migrate refresh. Okay, it rolls everything back and then reruns them.All right, so let's run phpArtisan migrate refresh. Okay, it rolls everything back and then reruns them. Do note that you will lose your data, but that's okay. There's ways around that. There's database seeding. You can research. Lots of options there. Anyways, comments now has a user ID, and so does post. So now that we have these two relationships set up, maybe we can do this. If we go to our comment model, yes, a comment belongs to a post, but we've also learned Define Model Relationships 3:21So now that we have these two relationships set up, maybe we can do this. If we go to our comment model, yes, a comment belongs to a post, but we've also learned that a comment can belong to a user. So let's set up that relationship. Now we could say, given the current comment I have, if I want to grab the user associated with it, I can simply do that. So then if we want to grab the name of the user who created the comment, this would be the syntax we use. And again, this is only available because we add this method. Next, the exact same thing is going to be true for a post.And again, this is only available because we add this method. Next, the exact same thing is going to be true for a post. A post belongs to a user. So if I want to grab the user who created the post, once again, that is what I would do. We could even do, if we want, comment, give me the post, give me the user, and that will give us the username of the person who wrote the post that the comment is associated with. Kind of cool. Next, keeping in line with that, if you ever want to access all posts for a user, and you can imagine this would make perfect sense for a blog.Next, keeping in line with that, if you ever want to access all posts for a user, and you can imagine this would make perfect sense for a blog. If I want to grab all of John Doe's posts, but not Jane Doe's posts, then we need some way to filter that. Once again, we can go to our User class, and right down here we'll say, a user can have many posts. So we'll say, return this, has many, post. But now, yeah, we do have a problem. If we come back, yes, we can create a post. But now, if a post belongs to a user, this is all going to blow up, right? Protect Routes with Auth 4:41If we come back, yes, we can create a post. But now, if a post belongs to a user, this is all going to blow up, right? Because it's trying to populate those fields, but we didn't provide a user. And further, it stands to reason that the user ID should be the person who signed in, but we didn't protect that route at all. So in the next episode, we're going to manually set up our authentication. We're going to apply a middleware manually, and I think you're going to learn a lot. So stay tuned.
