Anvil: Web apps with nothing but Python Transcripts
Chapter: User management and authentication
Lecture: Guarding restricted views

Login or purchase this course to watch this video and the rest of the course contents.
0:00 Here's our app running again
0:01 and we have our user management working beautifully, right?
0:04 We can log in, log out, register all that good stuff.
0:06 However certain things don't make a lot of sense, right?
0:10 We can't get to the account view over here
0:12 because it's not shown, but in order to
0:14 add a measurement, hey we need to log in
0:17 before we can do that. In order to compare our history
0:20 against the average person we also need to have us
0:25 there as the source of what our data is.
0:27 So these two views really don't make a lot of sense
0:30 until you're logged in.
0:32 What we're going to do is we're going to refactor
0:34 things just a little bit to make sure that
0:36 before we're allowed to navigate to those views
0:39 we make sure that there's an account there
0:40 So that's what we're going to do.
0:44 So over here, let's go to the bottom
0:46 and write little function here called
0:49 require_account. And what this is going to do
0:52 it's going to run and make sure either an account
0:55 already exists, or already logged in
0:57 or make you log in to do that okay?
1:01 So let's go in here and say user = data_access.the_user()
1:07 That's what we had before, we'll say
1:09 if there is a user, return that user, everything is good.
1:13 But if there's no user we're going to require them to log in.
1:18 We'll say user = anvil.users.login_with_form(allow_cancel=True)
1:24 Cancel true, what we had. Now maybe this worked
1:27 maybe it didn't. So we're going to
1:31 get this user and we also need to toggle potentially
1:35 if they did log in and they weren't
1:36 something like that, the user states
1:38 so after we get the form like this
1:42 we'll say form.set_account_state(user) what did we call this over here?
1:46 Remember we have this set_account_state.
1:49 And pass in, the user and it toggles the UI
1:53 and then let's return user. So whoever calls this
1:56 they can check to see that a user
1:58 came back, either here or one was logged in.
2:00 If there's none, then they can decide.
2:03 Alright, so let's see, how will we
2:04 use that up here? Let's just get rid of the top navigation.
2:07 No, this one's fine. If you want to add
2:10 you're going to need a user, right?
2:12 So let's do that, let's say this.
2:17 If user =require account, say if not, go home.
2:24 So if there's no user, they didn't log in
2:26 either the user already logged in
2:28 or we asked them to log in and they didn't
2:30 then we're just going to say
2:31 look you can't go here, we're going to take you home
2:33 and this is probably going to look a lot like that
2:35 so same thing for compare and same thing for account.
2:41 You can't go to your account if you're not logged in.
2:44 Uh- this looks pretty good. Let's quit and run it.
2:47 Dyr@theanonymous. We try to go here, it should log us in.
2:52 Great, could log in. Couldn't log in the first time.
2:58 Boom. We logged in. It let us go through.
3:01 Next time, we're going to try go to compare
3:04 but we're already logged in so
3:06 it should just let us go there.
3:07 Boom. Same for the account. Same for add now.
3:11 If we log out, however, and try to go back to compare
3:14 boom, either we log in and we cancel
3:17 oh, that didn't work, did it? Aah looks
3:21 like we're not quite there, I think I
3:23 might need to return or something like that.
3:25 So let's go and quickly fix this little bit.
3:30 How about that? Perfect.
3:36 Let's test our cancel. So we're going to
3:39 try to go to add, we're not going to log in
3:41 it should take us back to home anonymous, cancel, boom.
3:45 This time let's try to go to add and actually log in.
3:49 Took us there, super. Same thing
3:51 should be the case for the others.
3:52 Right, we go here, everything's fine
3:55 not, it won't let us go there if we don't log in.
3:58 Great, so, I think our user interaction
4:00 is working pretty well. I might even call it done.