#**LAB 12**

**note:** relevant to part 10 of Corey's Web App tutorial videos

###**Overview:**

Adding the ability for users to add posts that will subsequently show up on the home page of our site.

Will look at using class-based Views in order to work with our post model and see how these class-based Views can be useful.


##**STEP 1)** Implementing class-based views

###**Overview:**

Will look at class-based views in order to display, update and delete new posts.

**A)** In our blog app, open our views.py file.

This is where (minimum)our current 'home' and 'about' views. 

So far throughout the whole project, we have been using function based views. Our urlpatterns are directed to a certain views, which are these functions. And then the views then handle the logic for the routes and then render out templates.

Class-based views have alot more built-in functionality that will try to handle alot of backend logic for us.

There are different kinds of class-based views such as

*   List views 
*   Detail views
*   Create views
*   Update views
*   Delete Views
*   and several more

A lot of websites have very similar functionality e.g. a blog.

A page that lists all your blog posts is a list view 

If we were to click on one of those posts it would show us the post in much further detail, all of the content of it etc. This is a detail view.

The ability to update, delete blogs are update and delete views respectively.

Django tries to predict some of this commmon behaviour and give us these generic views that do alot of the background work for us.

 Right now we have a homepage that gets all of our post objects and passes them to our home.html  to display all of them there. This is a good candidate for  a list view as it displays all of our posts.

**B)** In your blog views.py file add the following import.

In [None]:
from django.views.generic import ListView

We now need to create a class as these are CLASS-based views.

**C)** Implement the 'PostListView' class as seen in the code cell below.

In [None]:
class PostListView(ListView):
    model = Post #this tells our list view what model to query, in this case all of our Posts


These two lines alone create our list view however we will need to add a bunch more things to it.

In order to use this open your blogs/urls.py file.

**D)** First implement the following import in the code cell below

**What are we importing exactly?**

**Answer:** We are importing the class PostListView from our blogs view.py file

In [None]:
from .views import PostListView

**E)** In our 'blog-home' path change the code, specifically change

views.home

to

PostListView

The line of code should look like this

In [None]:
path('', PostListView, name='blog-home'),

However when using class-based views we cannot just simple place it where the previous function based views syntax was. 

We need to actually convert it into a view. We can do this with the inbuilt function 'as_view()

**F)** Implement .as_view() after PostListView, as seen below.

In [None]:
path('', PostListView.as_view(), name='blog-home'),

Load our browser and site up and see what happens.

It currently won't work right now though, so let's read the error.

**Keypoints:** 

*   Error said template doesn't exist
*   By default class-based views look for templates of a certain naming pattern. 



In [None]:
#In this case it looking for a template with the naming convention off...
<app>/model>_<viewtype>.html

So it was looking in blog, then post since that is the model, and then the viewtype is list.

We could create a template with this naming convention and it would see that template or we can change which template we want this view to use and the latter is what we will be doing as we already have a template for our 'home view'

##**STEP 2)**  Changing the template our class-based view is looking for

###**Overview:**

Will change which template we want this view to use, as we alredy have a template for our home page.

**A)** Go back to our PostListView class in our blogs/views.py file and implement the following code to the class under the last line of code.

In [None]:
    template_name = 'blog/home.html'  #Reference :<app>/<model>_<viewtype>.html

This still will not work just yet as it doesn't know the variable name in our template that we're going to loop over.

E.g. In our home view function we called all of our post objects post in our context however by default our list view is going to call that variable object list instead of post.

We can either go into our template and change it so its looping over object list or let the class know we want the variable to be called post instead

**B)** Since we already have the template created we are just going to change the name of our variable in our list view. 

To do this implement the following code under our 'template_name'.


In [None]:
context_object_name = 'posts' #we set it as posts as that's what is it in our home template

**Your PostListView class should look like this:**

**Note:** The comment in the code isn't necessary

In [None]:
class PostListView(ListView):
    model = Post
    template_name = 'blog/home.html'  # <app>/<model>_<viewtype>.html
    context_object_name = 'posts'

**C)** If you go on your site now we should be able to access the home page with no complications now.



##**STEP 3)** Ordering our blog posts

###**Overview:**

Even though our class-based views is now able to access our home page with no errors the blog posts, our oldest blog post is at the top and the latest at the bottom. We want the latest ones at the top.

**A)** To do this we are going to change the order our query is making to the database. Open your blogs/views.py and go to our PostListView class and implement the line of code with the comment as shown.

The '-' sign in ['-date_posted'] will invert this and post them newest to oldest.

In [None]:
class PostListView(ListView):
    model = Post
    template_name = 'blog/home.html'  
    context_object_name = 'posts'
    ordering = ['-date_posted'] #Implement this line as shown. 

NameError: ignored

**B)** Reload the browser, check the same page as it should now be ordered newest to oldest.

Now that the list view is fully implemented lets note some differences between it and the 'home' function based view.


In [None]:
#Function based views
def home(request):
    context = {'posts' : Post.objects.all()} 
    return render(request, 'blog/home.html', context)


#class-based views
class PostListView(ListView):
    model = Post
    template_name = 'blog/home.html'  # <app>/<model>_<viewtype>.html
    context_object_name = 'posts'
    ordering = ['-date_posted'] 

We aren't really inputting less code in with the class-based view however with this we are basically just setting some variables compared with the function based views where we actually have to render a function and explicitly pass in that information.

We could of saved some lines of code if we used 'generic view defaults'. If we created the template with the naming convention our list view was looking for and used the variable name of objectlist inside of our template instead of post. 

We could've just used the model and ordering parts of the code.


##**STEP 4)**  Implementing another class-based view but sticking to the conventions we just went covered in the previous step.


###**Overview:**

Will create a template with the naming convention our class-based view was looking for and use the variable name of objectlist inside of our template instead of e.g. post. 

We will stick to all conventions to see how it cuts down on how much code we need to input.



**A)** Looking at an indiviual post is a detailed view, so first import it.

Add 'DetailView' to the same import we used to import ListView. Code should match cell below.

In [None]:
from django.views.generic import ListView, DetailView

**B)** Implement this class under your PostListView class.

In [None]:
class PostDetailView(DetailView):
    model = Post

**C)** We need to now create the urlpattern. Open up our blog/urls.py and again add PostDetailView( the name of the class we jsut added) to the list of imports, on the same line as PostListView.

Import should look like cell below.

In [None]:
from .views import PostListView, PostDetailView

**D)** Now we need to create a route that takes us to a specific post. We have to crete a urlpattern that contains a variable. To this we will use something new.

E.g. if we want to go to the page for blog one the url would be:

post/1

and for the page of blog 2:

post/2


Django allows us to add variables within our actual routes. We want to create a route where the ID of the post is actually part of the route.

In [None]:
path('post/<pk>', PostDetailView.as_view(), name='post-detail'), 
#pk meaning primary key of the post we want to view
#e.g. if we are going to the post/1 then it would be the blog with the ID of 1/ the pk of 1

If we know the pk is only going to be a integer we can tell Django to only expect integers by implementing the following code.

In [None]:
path('post/<int:pk/>', PostDetailView.as_view(), name='post-detail'),
#Again by specifying the 'pk' variable in the URL that allows us to grab that value from the URL
#and use it in out view function.
# int: will prevent anyone putting in values that are not integers.
# We end all of our routes with a trailing /, a


Remember we are trying to stick to conventions to demonstrate how little code we need to use. The reason we sued PK is because that is what detailed view expects it to be in order to go grab that specific object. 

We could change that by adding an object to our class but that is not our intentions for this step (Refer to the overview)

**E)** We need to create a template that will display our post details. Go back to our views.py, we can see that our class is looking for the template with the naming convention of...

In [None]:
<app>/<model>_<viewtype>.html

Breakdown of this is:
It's going to be looking in

*   in the directory of the app name (blog)
*   a template with the model name (post)
*   then the template type/ the view type (detail)

**F)** Create a template witht that name so it finds is automatically, unlike with our class-based list view.

Create a new template in the sub-directory of blog and name it 'post_detail.html'

**G)** Implement the code below. This is very similar to our home.html code except we are just going to have a single post. Therefore we do not need to loop over post. So the for loop was removed.



In [None]:
{% extends "blog/base.html" %}
{% block content %}
      <article class="media content-section">
        <img class="rounded-circle article-img" src="{{ object.author.profile.image.url }}">
        <div class="media-body">
          <div class="article-metadata">
            <a class="mr-2" href="#">{{ object.author }}</a>
            <small class="text-muted">{{ object.date_posted|date:"F d, Y" }}</small>
          </div>
          <h2 class="article-title"< {{ object.title }}</h2>
          <p class="article-content">{{ object.content }}</p>
        </div>
      </article>
{% endblock content %}
#MAKE SURE indentation is correct

Notice how compared to the html in the home.html file, we have changed all instances of where it said 'post' to 'object'

This is because when  dealing with detailed views it expects this context of the object to be called 'object'. (we could circumvent this issue but right now we are sticking to conventions)

**H)** Save the code and query one of the blog posts pages.

It should display it with no hiccups.

Remember in our views all needed was to specify that model in our detailed views class and it handled the rest for us.

##**STEP 5)** Changing our dead links to make them work.

###**Overview:** 
If we go to the homepage and click any of the links in the blog post, they lead to nowhere. We want to make them go somewhere.

**A)** Go in the home.html template and replace the href with this code which includes a url code block with the code.



In [None]:
href="{% url 'post-detail' post.id %}" #post.id makes sure the PK gets passed in.
#Implement this code into where the # in quotation marks is

**B)** Hover over any of the links on the home page,they should show where they will lead you to.

e.g. blog 1 will lead you to post/1 etc

If you try to go to a post that doesn't exist you will get a 404 error as the page does not exist.


###**Big Picture overview for Steps 6 - 12:**

We are going to create 3 more class-based views. One for Create view, Update view and Delete view.

##**Step 6)** Adding a class-based create view.

###**Overview:**

Now that we have added a listView and DetailedView, we want to add a createView which will handle the implementation of when we want to create a new post.

**A)** Go to our blogs/views.py file and import our CreateView in the same way we imported our DetailView in Step 4 Part A.

Note: If our import list is getting quite long and we don't want to have to sidescroll, what you can do is put imports within parenthesis also known as regular brackets (). You would have some like the code cell below.



In [None]:
from django.views.generic import (
    ListView,
    DetailView,
    CreateView
)

**B)** Implement the class under our PostDetailView as displayed below.

In [None]:
class PostCreateView(CreateView):
  model = Post
  fields = ['title', 'content']

We see that our PostCreateView class is similar to our PostDetailView class. However this is going to be a view with a form, where we create a new post. 

This is why this class has some fields. For now we want the title and the content of the post.

**C)** In our blog/urls.py import PostCreateView just like we did our PostDetailView in Step 4 Part C.

In [None]:
from .views import PostListView, PostDetailView, PostCreateView

#The import should look like above OR below.

from .views import (
    PostListView,
    PostDetailView,
    PostCreateView
)

**D)** Now in our urlpatterns add the PostCreateView path

In [None]:
path('post/new/', PostCreateView.as_view(), name='post-create'),
#When Creating a new post we will go to post/new/

At this point we again need a template for this view, however it will have a different name to what we did with our PostDetailView.

Our PostCreateView will share a template with our class-based Update view. They expect this template to be the named of the model underscore form.

In this case it is post_form.html

**E)** In our blog directory create a template with this name 'post_form.html' This form template will be very similar to other templates that contain forms.

**F)** We can simply copy the html in our register.html file and just make a few changes.

*   Change the message to Blog Post

*   Change the submit button to Post
*   We can remove this whole div tag from our form.

After making these changes our post_forms.html file should look something like the code below now.

In [None]:
{% extends "blog/base.html" %}
{% block content %}
    <div class="content-section">
        <form method="POST">
            {% csrf_token %}
            <fieldset class="form-group">
                <legend class="border-bottom mb-4">Blog Post</legend>
                {{ form.as_p}}
            </fieldset>
            <div class="form-group">
                <button class="btn btn-outline-info" type="submit">Post</button> 
            </div>
        </form> 
    </div>
{% endblock content %}


**Note:** If you are using crispy forms, the form.as_p tag will be different and you will have loaded in crispy forms in a django code block at the top too.

**G)** Query our post/new endpoint on the site.

It should display a form to create a new Blog Post.

This is why class-based views are so useful, we didn't have to make a forms module to create this form.

We just told our CreateView that we wanted to work with the Post model, and wanted to have the 'title' and 'content' fields within that form.

**H)** There are still some changes we need to make, try to make a new post and submit it, see what happens.

We get an error, why? Let's read it.

IntergrityError due not having a author/the author being null and every post needs to have an author. Logically we want the autho of the post to be the current logged in user however we have not implemented anything to tell it that.

##**Step 7)** Making the author our currently logged in user

###**Overview:**

We want to set the author of a blog post to the currently logged in user.

**A)** Back in out blogs/views.py file add the following method within the PostCreateView class

In [None]:
#WE need to override the form valid method.
    def form_valid(self, form): #Line 1
        form.instance.author = self.request.user #Line 2
        return super().form_valid(form) #Line 3

**Line 1** is our method to check if a form is valid, takes two arguments the instanced user( currently logged in user, and the form we are trying to submit)

**Line 2** is saying the form we are trying to submit, befor we do that, take the author of the form we are trying to submit and make that equal to the currently logged in user.

**Line 3** is just running our form valid method on our parent class (would've been run anyway but whenever we override it we are just setting the author before it gets ran.

**B)** Query the post/new/ endpoint again and attempt to submit another post.

We still will get another error unfortunately however it is not the same as before. Read the error.

**Issue**: We do not have a 'redirect' URL.

In summary it's telling us it created the post successfully but it doesn't know where to redirect the user to after the submit button is clicked.

We can see that our post was actually created by navigating to the home page, a new blog post should be there. We just need to let the view know where we want to redirect the user once the post has been created/submitted.

Ideally we want to redirect to the detail page of the post we just created, so if it was blog post 4, we want to go to /post/4 etc.

This is actually what it is trying to do but as we know it is unaware how to, hence the error.

**C)** To tell Django how to find the URL of a model object we need to create a get absolute URL method in our model that returns the path to any specific instance. 

Open up our blogs/models.py file and withi our post model is where we will create this method.

First we will be getting the URL of a particular route, to do this we need to use the reverse function.

Why are we not just using the redirect function like before?

**Redirect** and **Reverse** are slighly different, Redirect literally redirects you to a specific route

where as 

Reverse will simple return the full URL to that route as a string and let the view handle the redirect for us.

**D)** We need to first import the reverse function, add this import to your blogs/models.py file

In [None]:
from django.urls import reverse #Importing the reverse function

**E)** Now in our 'Post' model/class we will create 'get absolute URL' method to tell Django how to find the URL to any specific instance of a post.

Implement the following code in our 'Post' class

In [None]:
  def get_absolute_url(self):
    return reverse('post-detail', kwargs={'pk': self.pk}) 

#The value of pk is set to the instance of a specific post's primary key.
#Second line will return the full path as a string, specifically the path to the post-detail route
#Remember it needs a specific post with a pk(primary key).

**F)** Open up the browser and query our post/new/ endpoint again and submit another post. After we submit it, we should have beens sent to the newly created posts detailed view page e.g. /post/5

If we wanted to go to the home page everytime we create a post we could set an attribute in the CreateView called success URL and set that to the homepage instead HOWEVER we will be leaving it how it is.

**In summary:** 

Django gives us alot of functionality after filling in only a few different attributes.

Would have taken a lot more code if we did that in other frameworks or regular function based views instead. We would have needed to create forms, handle the post request, save the information etc.

With class-based views we can do all this just by knowing what attributes need to be set thus saving us lots of lines of code.

**Note:** Once you are comfortable with class-based views, we should use them more often.



##**Step 9)** Change functionality to only allow users who are logged in to create posts.

###**Overview:**

We need to only be able to access the post/new route ONLY when logged in to a user.

We know how to do this with function based views, we use the log-in requird decorator. We cannot use decorators on classes though.


**A)** Instead we will use something called 'login mixin'. This is just a class that we **inherit** from that will add that login functionality to the view.

Go to our blogs/views.py file and add the following import

In [None]:
from django.contrib.auth.mixins import LoginRequiredMixin

**B)** Now we just want to add this class to the ones we are inheriting from. 

In this case the PostCreateView class.

Add the following code on the **FAR LEFT** of where you would put the a class you want to inherit from.
It should look like this below.

In [None]:
class PostCreateView(LoginRequiredMixin, CreateView): 

#Now we are inheriting from the LoginRequiredMixin and the CreateView.

**C)** Go back to our site, make sure you are logged out and then query the post/new/ endpoint.

You should have been sent to the Log in page, meaning out LoginRequiredMixin is working.

##**Step 10)** Creating an class-based update view

###**Overview:**

We will now be adding an update view into our code which will deal with wanting to update an already existing blog post.

**A)** Again in our blog/views.py file we will create another class named PostUpdateView. 

First add UpdateView to our list of imports, just after/under 'CreateView,'

In [None]:
from django.views.generic import (
    ListView,
    DetailView,
    CreateView,
    UpdateView,
)

**B)**  Our PostUpdateView class is very similar to our PostCreateView class. 

We have merely changed anything that was CreateView related to the UpdateView equivalents.

In [None]:
class PostUpdateView(LoginRequiredMixin, UpdateView):
  model = Post
  fields = ['title', 'content']

  def form_valid(self, form):
      form.instance.author = self.request.user
      return super().form_valid(form) 

**C)** We need to add a path now to our urlpatterns and import our PostUpdateView.

Go to your blogs/urls.py fil add 'PostDetailView besides/under our PostUpdateView.



In [None]:
from .views import(
    PostListView,
    PostDetailView,
    PostCreateView,
    PostUpdateView
)

**D)** implement the following path into the urlpatterns.

To update a post we need to include that primary key with the same route as PostDetailView

In [None]:
path('post/<int:pk>/update', PostUpdateView.as_view(), name='post-update'),

Since we implementing that pk (primary key) in the URL to the post that we want to update, the Django UpdateView will take care of everything else using the information we provided.

We do not need to make a template as it is going to use the same post_form.html template we created for our CreateView function.

**E)** Go onto the site, login to a user and attempt to update one of your already existing posts.

e.g. query the endpoint post/5/update to update blog post 5

You should see a form, already filled in with the already existing title and content.

**F)** Update this post and submit, to check if it actually updates.



##**Step 11** - Preventing out sites functionality from being abused.

###Overview:

When building an app like this, you need to consider the ways users can use your app, and how they could potentially exploit/abuse it. It is always good to plan for that.

**Problem:** 

One thing we have done is implemented a login check. You need to be logged into a user to create a post. However we **ARE NOT** currently checking if the author of the post is the same user trying to access this update page. We only want the author/user who created the post, to update it.

**Solution:**
  Use more mixins to implement added measures to prevent abuse of our sites funtionality.

**A)** On your site log into a user and attempt to access a blog post's update page that the current user is not an author of.

We need to put a check in place to prevent this, this can be achieved using another 'mixin'.

**B)** In our blogs/views.py file add import

UserPassesTestMixin

The import should end up looking like the one below

In [None]:
from django.contrib.auth.mixins import LoginRequiredMixin. UserPassesTestMixin

**C)** Add "UserPassesTestMixin", to our PostUpdateView class, **SPECIFICALLY TO THE LEFT** OF OUR UpdateView class. 

The line should look something like belo?

In [None]:
class PostUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):

**D)** We can create a method called 'test_func'

This is a method that our UserPassesTestMixin will run in order to see if our current user passes a certian test condition.

**D Part 2)** Implement this inside our PostUpdateView Class.

In [None]:
  def test_func(self):
      post = self.get_object() #Gets the post we are currently trying to update.
      if self.request.user == post.author:
          return True
      return False
#We could return this conditional as one line but this way is more readable.

**In the code above, what does the 'if condition' do?**

**Answer:**

Checks if the current logged in user and is equal to the author of the post we are tring to update

After implementation, this should now prevent any users from updating posts they are not the author of.

**E)** Reload the site, login if not already and attempt to update someone elses post.

We should get a '404 Forbidden' message meaning our 'defense' works. This is the response we want.

##**Step 12)** Adding a class-based delete view

###**Overview:**

We are want to implement the delete view to presumably be allow the user to delete their posts.

**Note:** With the step we just added prior we may have to implement something similar to prevent users deleting posts they are not the author of.

**A)** Import the DeleteView just like the previous class-based views. 

It should now look like the code below,

In [None]:
from django.views.generic import (
    ListView,
    DetailView,
    CreateView,
    UpdateView,
    DeleteView
)

**B)** Create the following class in our blogs/views.py file. Underneath the previous class is okay.(not inside)

**Note:** This class is very similar to our PostDetailView class

In this class, we want to require the user to be logged in and also require the user is the author of the post, this is done by adding out 'mixins'



In [None]:
class PostDeleteView(LoginRequiredMixin , UserPassesTestMixin, DeleteView): 
    model = Post

    def test_func(self):
      post = self.get_object()
      if self.request.user == post.author:
          return True
      return False

#Make sure the mixins are to the left of the view.

If you look at the test_func above, this is an exact copy of the method we used in our PostUpdateView class as we are again checking if the user is the same as the author of the post.

Our end goal is now deleting the post rather than updating it.

**C)** Import 'PostDeleteView' into our views imports on our blogs/urls.py file.

It should similar to this (By similar I simply mean including those 5 class-based views).

In [None]:
from .views import(
    PostListView,
    PostDetailView,
    PostCreateView,
    PostUpdateView.
    PostDeleteView
)

**D)** Now let's add a path in our urlpatterns.

Copy and paste the path into your urlpatterns.

In [None]:
path('post/<int:pk>/delete', PostDeleteView.as_view(), name='post-delete'),

**E)** Now we just need another template. The template that this expects is just a form that asks if we are sure that we want to delete the post, and if we submit the form then the post will subsequently be deleted.

Within our blog/templates create a new file called 'post_confirm_delete.html'

I will copy the html in our post_form template and make some changes. 

**F)** The end result is the second code cell below, simply implement that into our 'post_confirm_delete.html' file.


In [None]:
#Code for our post_confirm_delete file, READY TO BE IMPLEMENTED!
{% extends "blog/base.html" %}
{% block content %}
    <div class="content-section">
        <form method="POST">
            {% csrf_token %}
            <fieldset class="form-group">
                <legend class="border-bottom mb-4">Delete Post</legend> 
                <h2>Are you sure you want to delete the post "{{ object.title }}"</h2>
            </fieldset>
            <div class="form-group">
                <button class="btn btn-outline-danger" type="submit">Yes, Delete</button>
                <a class="btn btn-outline-secondary" href="{% url 'post-detail' object.id %}">Cancel</a>
            </div>
        </form>
    </div>
{% endblock content %}

**What are the noticeable changes in the html implemented in post_confirm_delete.html compared to post_form.html?**

**Answer:**

*  No crispy forms implementation as no forums are passed through here.

*  legend tag
*  h2 header asking as if we are sure we want to delete the post.
*  Outline for Submit button
*  Submit button message
*  A cancel button



**Note:** If you do not have crispy forms implemented do not worry. It is not relevant to this page as no forums are passed through here.

**Cancel button:** (Reading the following and looking at the snippet of code below should give us a better understanding of what's occurring)

We have set a href that just takes us back to the DetailView of this exact post.

In our href we have specified the url of post-detail and the primary key which is how we differentiate between the different posts.

The href code block it creates a URL of the post detai page of this post's id. e.g. post 4.

In [None]:
<a class="btn btn-outline-secondary" href="{% url 'post-detail' object.id %}">Cancel</a>

**G)**  In your browser, run your site and login. Find a post you have written and attempt to delete the post

Click  Yes, delete but cancel. It should take us back to the detailed view page of the post. 
Do this by querying the delete endpoint
/post/5/delete for example

**H)** Attempt to delete the post again, click  Yes, delete and confirm. 

**We should get an error, but why?**
 Make sure you read the error

**Answer:** It does not know where to redirect us after a post deletion has been attempted.

**REMEMBER**, unlike with post creations, when we get a failure for deletion, it DOES NOT delete the post just in case. It will still be there.





**I)** Test ths by querying the home endpoint, the post you attempted to delete should be there.

Now that the error has told us what we need to do which is that we need to provide a success URL.

We will now add a success URL to our DeleteView which will send our user to the home page. **Why are we adding a success URL and not e.g. redirecting to the page's detailed view?**

**Answer:** 

That post is deleted therefore that endpoint no longer exists.


**J)** In our blog/views.py and scroll down to our DeleteView class.

Implement the following attribute into the class, under your models attribute is fine.


In [None]:
success_url = '/' #The success URL now points to the homepage.

**K)** Run the site, login and attempt to delete a post again. 

Confirm deletion. 

It should have deleted the post and sent us to the site's homepage. We can also see that the post is now deleted, as it's not longer there.

**We have now:**

*   Added the ability to list, view, create, update and delete posts using class-based views.

##**Step 13)** Adding our links in our navigation bar to our site's new functionality.

###**Overview:**

All of our functionality is working but we do not have any links in place to access any of our routes that we just created.

**A)** Creating a link to create a new post.

In your projects, navigate to your base.html template of our blog as that is where navigation bar is housed.

Scroll down to our navigation, add the following code to where appropiate.



In [None]:
<a class="nav-item nav-link" href="{% url 'post-create' %}">New Post</a>

It should be been implemented within the 'if user.is_authenticated' conditon, as we only allow users that are logged in to create posts.

**B)** Adding links to update a post and delete a post.

A good place for these is within the 'post detail' page and if the user is the user who wrote the post then they will see links to update and delete the post.

Navigate to our post_detail.html file

Implement the following code right after the date.


In [None]:
        {% if object.author == user %} #user represents the current logged in user
          <div>
            <a class="btn btn-secondary btn-sm mt-1 mb-1" href="{% url 'post-update' object.id %}">Update</a> 
            <a class="btn btn-danger btn-sm mt-1 mb-1" href="{% url 'post-delete' object.id %}">Delete</a>
          </div>
        {% endif %}
#Make sure all tags have start tags and end tags.
#'btn' is a bootstrap button

This if condition makes it so that the buttons for the update and delete link **ONLY** display if the user who is logged in is the author of the post.

###href="{% url 'post-update' object.id %}"

###href="{% url 'post-delete' object.id %}

These hrefs link to a URL to the post-update and post-delete routes respectively. 

'object.id' is us specifying which object we want to update or delete respectively. 

**C)** Run the site, login. Inspect the Navigation Bar. There should be a New Post Link.

Click on a post you have created, there should be two more buttons, one update button and one delete button.

Test these routes.

Go on a post created by someone else, the buttons should not be there.

In this Lab we have:

Gathered a good understanding of class-based views and implemented 5 of those (List, Post, Create, Update and Delete)

Added our new functionality as links in our navigation bar and the necessary form, in this case the when a user want to creates a new post