IHP Casts is made by digitally induced, the company making IHP. By using a paid plan you're supporting our mission to drive the adoption of Haskell in the software industry.

Script

Having authentication does nothing security-wise if you don’t enforce any authorization. Let’s restrict the show user view to the user it is showing. We deny access if the user id of the currently logged-in user is not the same as the one we want to see. If the user is different or not logged in at all, you will be redirected to the login screen or get an error message.

We can quickly confirm this is working by opening the show view with the id of another user. We can take another id from IHP’s data explorer tool. In this case, I can’t view the page because the user I am trying to see is not myself.

Another use case is to restrict posting to logged-in users only. We can do that by adding an ensureIsUser to the top of the actions we want to restrict. That way, we can also tie the user to the post and display who made the post in the show post view.
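The two checks described in the script, written out as an added example (not the code shown in the episode). It assumes a generated IHP app with the usual `Web/Controller/Users.hs` and `Web/Controller/Posts.hs` modules, login already set up for the `User` record, and a `user_id` column on `posts`; the two instances are fragments of those two modules, not one file.

```haskell
-- Web/Controller/Users.hs (fragment; module layout assumed from IHP's generator)
instance Controller UsersController where
    action ShowUserAction { userId } = do
        -- Authorization: only the user being shown may open this page.
        -- currentUserId sends visitors without a session to the login
        -- screen; accessDeniedUnless stops the action when the ids differ,
        -- so the fetch below never runs for someone else's id.
        accessDeniedUnless (userId == currentUserId)
        user <- fetch userId
        render ShowView { .. }

-- Web/Controller/Posts.hs (fragment; assumes posts has a user_id column)
instance Controller PostsController where
    action NewPostAction = do
        ensureIsUser -- the form is only offered to logged-in users
        let post = newRecord @Post
        render NewView { .. }

    action CreatePostAction = do
        -- Guard the action that writes, not only the one that renders
        -- the form: a request can be sent to it directly.
        ensureIsUser
        let post = newRecord @Post
        post
            |> buildPost
            -- Take the author from the session, never from a form field,
            -- so a client cannot post under another user's id.
            |> set #userId currentUserId
            |> ifValid \case
                Left post -> render NewView { .. }
                Right post -> do
                    post <- post |> createRecord
                    setSuccessMessage "Post created"
                    redirectTo PostsAction
```

Because the author id is stored on the post, the show post view can fetch that user and display who made the post.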

Discussion