 Hey everybody, this is Brian. Welcome to the 10th Yi tutorial. All right, so so far we have worked with routes, we've worked with static views, a little bit with models. We kind of got like a cursory overview of Yi and what can do. We're going to kind of do a little bit of freestyling here. Like you see how I've got this toolbar here and I've got it pointing to different things. Obviously I've made a controller with views. My view is Yi to generate these things. But in our little web app that we've been working with it hasn't automatically appeared on this bar. You know instead we've got to actually punch this in. We've got to say like you know teachers slash create. You know and then we got to log in and all this other stuff. So then we can get to it. So how do we get that link right up here? Well very simple. We're going to actually modify this a little bit. And what we're going to be working with are called layouts. So we're going to go in here and I want you to go to your protected views and layouts. And you'll see this column one, column two and main. Well pretty self-explanatory. Column one is if there's only one column. Now you notice how it's beginning contract layouts main. Same thing with you know column two. There's two columns and it's layouts main. So if you hadn't guessed by now layouts main is where the bulk of our actual code is that renders this page. Now just kind of looking at this it should be. I mean if you know anything about you know PHP and HTML a little bit self-explanatory but we're going to dig through this anyways. You've got your basic head and I realize I just said basic head. Anyways I know some of you out there giggling. Stop that you're distracting me. Okay and then we're calling the yeap global object. Something we'll cover in depth in a later tutorial. But it should note that the yeap request base URL. That's very handy to use in case your site gets moved. Like if you're on a dev box and then you move it into production and the paths you know don't quite match up like it's a different sub folder or something. That's pretty handy to know because it'll automatically parse that out for you. You can see we're just calling some cascading style sheets and you know this is the page title. We're doing the in code which you're getting out of the the main config file. Well actually you're not. Sorry my bad. And then you're this is where you're getting out of the config file is the application's name. Then you've got this main menu and this is kind of what we're going to be focusing on here for a little bit here. And we've got breadcrumbs which you know that's where it's actually rendering the breadcrumb for each view. And then content. This is where your actual view content is being rendered. And then it's just got this footer at the bottom here. So this right here this C menu object is what we're really going to be working with. That's what's rendering. I mean you can see right here label home URL and then it's got the route. Pretty easy to understand just by looking at it what's going on here. This is where I really go back to I think it was the first video I need where I say pretty much everything in you is going to boil down to an array at some point. So you really got to get arrays down and if you haven't gotten those down you're going to get them down by the time we're done with the series. So what we're doing here is we're saying PHP obviously. This widget meaning we're adding a widget is going to be the z.widgets.c menu. Don't really worry about this little path right here. Just focus on C menu. That's what we're working here. Now with C menu we have to give it an array of items and each item is while you guessed it has a label and has a URL. And that's how we're pointing to the different controllers. You can see how there's a home about contact and then a logout. Now logout you should notice how it's a little bit different here. It's got this visible not eapp user is guessed. What in the heck? That's right. Yee actually knows whether or not you're logged in. And you can determine the visibility of that whether or not you're a guest. So for example we're currently logged in. If we log out you notice how poof it's gone. So let's log back in and ta-da there it is. Logout. So it's also on the login I should know. So you can determine whether or not they're visible based on the status. Pretty neat huh? Now we're going to just go ahead and add in our little little controllers. We see teachers. You don't really have to put slash index. I like to do it just so I know where it's pointing to. Now let's load up our page here. It's actually logout. You notice how teachers is there. If we click it we can see the teachers but if we go to create it wants us to log in. That goes back to the actual controller and let's just crank that open real quick here. That goes back to what are called the access control filters. For example allow index and view. So we can see the the default page and we can actually view a teacher without logging in because users is star or wild card any. Let's put that to the test here. Let's say teachers and let's actually click on this. So we can view a teacher. Now if we go back to the controller here you'll see that create an update require an authenticated user where admin and delete require an admin and then we're going to deny anything else. So just be aware of the access rules and how those function when we are working with this. So for example if I log in with demo and demo you can see now poof we can create a teacher but if I go to manage them slash admin notice how I get this 403 you're not authorized to do this. Let's actually view this guy and try to delete him. 403 you're not authorized to do this. However if I log in as admin and admin and I go to teachers and I go manage suddenly I'm allowed to do that. That's the access controls in play. That's how that works and I'm going to jump back just so we can go over this a little bit in depth. Access rules these are extremely important when you're dealing with a layout because you need to know at what point somebody can actually see something. For example let's go back to our little main.php you don't want to say slash admin and notice how you don't have the visible is guessed. So if you're wondering what's it's going to do let's log out. We click this it's going to go to site login and it's instantly going to want you to log in. Now let's say they're only a demo. Well they're not authorized to do that and then you're going to get a support phone call saying hey your website's broken when reality it's working just fine. Let's go back here let's switch this back to index just for sake of argument. So just to recap the access rules you can explicitly allow or deny and you can have multiple levels for example allow and then you're giving the actions index and view and we're going to say any and then allow create an update at the at symbol for authorized users and we're going to allow admin and delete only for admins. The wildcard the at symbol and the admin are kind of like hard coded into e it's how they know what you're doing and the explicit deny at the end that's important. So let's actually get a little weird here. Let's say because in the next tutorial we're going to use this we're going to make a new view and we're going to say test why not. So here's our test view and we're just going to leave it blank just for the sake of argument here. Now we don't have test anywhere in here so this is your quick down and dirty to access rules. What's going to happen when we go to render this? Let's find out. The first thing we're going to actually log in is admin so we know we can do anything in this site. First thing you'll notice is it's not in any of this list over here but we can actually type it in and say test. Now it's saying 404 not found this is a stumbling block. I see a lot of new people to you do is they know the view exists they just created it but you're getting a 404 not found. What's going on here? Well the reason why you're getting that is because you explicitly have this access deny at the bottom so you're denying anything else. So let's go ahead and say we want anyone to be able to view test because we're in the allow users any. Same thing just going to hit enter. Why is it still not working? Well that's because we're actually creating a view that we have to render. This is not a static page so that's the other pitfall. Notice how you have all these actions here action create delete. So what it's doing is it's looking for the action with that name so we're going to actually just create an action here. If you're wondering what an action is it's just a function with the word action in front of it and from here you can actually well you guess it just render it. Oops used to doing a C++ tutorials where it automatically does that for me and we're going to give it the view name and in this case it's going to be test. Now you notice how we didn't put in test.php we just put in test that's because it's smart enough to know that it's a php framework. All right so let's go through our real quick checklist here. We've got the file we've got the rule and now we've got the action will it render place your bets. Ta da there goes it's blank because we really haven't put anything in there but we can go ahead and modify this view as we see fit. So we covered quite a bit of ground here. I'm going to go ahead and after this tutorial add in classes in here just for practice I would recommend you do that too. Questions comments concerns drop me a line I get an overwhelming amount of email but I always love to hear people's feedback and I do try to take time to read and reply to everybody. Sometimes it takes me months I'll admit it I'm really bad about it. All right thanks for watching.