1
00:00:02,560 --> 00:00:05,550
So people are allowed to log in anonymously,

2
00:00:05,560 --> 00:00:08,570
so that means every visitor of our page is logged in,

3
00:00:08,620 --> 00:00:12,550
obviously we don't want to grant many rights to our users then.

4
00:00:13,000 --> 00:00:16,760
And in general, when do we want to enable any data to be fetched,

5
00:00:16,810 --> 00:00:20,890
we need to dive into the rules here and set up the rules for our data.

6
00:00:20,890 --> 00:00:26,410
Now here you have to add a collection and now this does not mean add it in the database but add it in the

7
00:00:26,410 --> 00:00:30,520
rules here so that we can set rules for a collection. If nothing is added here,

8
00:00:30,640 --> 00:00:35,580
everything's locked down by default and that is of course a great security setting.

9
00:00:35,590 --> 00:00:40,690
So here first of all, the databases is the shop database and the collection for which I want to set up some

10
00:00:40,690 --> 00:00:43,450
rules is the products collection.

11
00:00:43,550 --> 00:00:48,840
Now here you see you've got a couple of templates, you can say users can read and write their own data,

12
00:00:49,120 --> 00:00:53,290
users can only read all data, can read and write their own data,

13
00:00:53,290 --> 00:00:55,880
now I will go with no template here,

14
00:00:55,990 --> 00:01:00,810
click add collection and now you have this set up.

15
00:01:00,880 --> 00:01:03,890
Now for one, you could set up some validation here,

16
00:01:03,970 --> 00:01:08,400
you could set up schema validation here and stitch would automatically give you an error if you try

17
00:01:08,400 --> 00:01:11,170
to save something which does not suffice this criteria,

18
00:01:11,200 --> 00:01:17,970
you learned more about schema validation in an earlier module in this course but I'm interested in the permissions.

19
00:01:17,980 --> 00:01:24,640
And here, you basically set for example default permissions which apply to every authenticated entity,

20
00:01:24,880 --> 00:01:29,100
including our anonymously signed in users, so every visitor of our page

21
00:01:29,290 --> 00:01:31,480
and right now, everything is locked down.

22
00:01:31,480 --> 00:01:37,630
Now we can enable read access here and this will allow reading documents in this collection and reading

23
00:01:37,660 --> 00:01:38,600
all fields,

24
00:01:38,800 --> 00:01:45,550
you could even add a field here and you could say well the title is not available for reading it, only

25
00:01:45,550 --> 00:01:46,810
the other fields are,

26
00:01:46,840 --> 00:01:53,760
so that is something you could do if you wanted to control that some field is not retrieveable or not

27
00:01:53,760 --> 00:01:54,410
writeable,

28
00:01:54,490 --> 00:01:58,000
so you got finegrained control up to the field level.

29
00:01:58,060 --> 00:02:00,920
Now here I'm fine with people fetching all documents,

30
00:02:00,940 --> 00:02:02,430
so now we can save that

31
00:02:02,950 --> 00:02:09,650
and now with that, anonymous users should be able to read all the products in our shop database.

32
00:02:09,730 --> 00:02:15,580
So if I go back to my application and I reload here, I don't get this error anymore,

33
00:02:15,790 --> 00:02:17,630
I also don't see the products here

34
00:02:17,890 --> 00:02:24,010
but that is simply related to the fact that I never change the isLoading state here,

35
00:02:24,430 --> 00:02:26,540
so that is a pure react thing.

36
00:02:26,710 --> 00:02:32,170
So here when I set the state, I should also set isLoading to false because we are not loading anymore

37
00:02:32,290 --> 00:02:38,500
and by the way if I have an error, I should also set the state and set isLoading to false because even

38
00:02:38,500 --> 00:02:40,840
if we have an error, we're not loading anymore.

39
00:02:40,840 --> 00:02:47,180
Now with that change, if I save that, now we get a different kind of error,

40
00:02:47,180 --> 00:02:49,900
objects are not valid as react children.

41
00:02:50,120 --> 00:02:54,530
Now that simply is related to what we get back as products,

42
00:02:54,530 --> 00:03:00,160
so let's simply console log our products here to see which format stitch gives us.

43
00:03:00,170 --> 00:03:07,540
So if I now reload, we get this output and we see we are fetching two products because I got two products

44
00:03:07,660 --> 00:03:14,200
in the database from last module and here, I got an array of product with price, name, image and description

45
00:03:14,260 --> 00:03:17,260
and _id which is an object ID.

46
00:03:17,350 --> 00:03:19,180
Now which problem do we have here?

47
00:03:19,570 --> 00:03:25,950
Well the problem is previously in the last module, we parsed our mongodb data on the server,

48
00:03:25,960 --> 00:03:31,630
for example we converted this decimal 128 thing to a number or to a string

49
00:03:31,630 --> 00:03:32,920
we could work with.

50
00:03:32,920 --> 00:03:37,510
Now we're not doing this and hence we're getting these native mongodb types

51
00:03:37,510 --> 00:03:43,900
and you can also see that here that we have these special types, objectId decimal 128 with which we

52
00:03:43,900 --> 00:03:45,030
can't work,

53
00:03:45,400 --> 00:03:47,650
so we need to convert them here on the client

54
00:03:47,650 --> 00:03:52,510
now because we're doing the entire data fetching on the client. The solution is that we transform our

55
00:03:52,510 --> 00:03:54,070
products here on the client, so

56
00:03:54,160 --> 00:03:55,750
let's do this in the next lecture.