Securing Admin Pages with User Permissions
00:00 We have now created a bunch of utilities that we'll be able to use for making much easier queries to determine whether a user has permission to do a particular thing, which is quite nice. And so in addition to that, Kelly has also made us an admin page, which doesn't really
00:19 do a whole lot yet. But we want to lock this down to only admin users. And so you've got a couple of things that you need to do in this exercise. First, you need to update the root loader so that we're loading all the user's permissions. There shouldn't be a lot of them, but we do want to have the user permissions so that our UI can display the right stuff based
00:38 on the user's permissions. You're going to be creating a couple of, or updating a couple of utilities for being able to access those permissions. And then you're going to update a couple of places in both the admin route that I showed you, as well as the note ID route, so that we
00:56 don't have to do all those queries ourselves. It will be a lot easier, a lot better this way. So feel free to explore the utilities that Kelly put together for us, and then you can get into this exercise. Should be a good one. Have fun.