# Part 9 - Authentication

• Follow the instructions for implementing authentication
  • Scaffold basic login and registration views and routes, and adjust where necessary
  • Update the navigation menu that will be different for guests, authenticated users (without admin rights) or administrators
  • Use the built-in auth middleware to protect specific routes for unauthorized users

# Non-authenticated users (guests)

• Guests (e.g. students interested in some courses) can only access the home page and the courses dashboard (but the buttons 'Manage students' are not visible in the course cards)

• Guests should not be able to access course detail pages (with the enrolled students on it)
  • If they do try e.g. the url http://localhost:3000/courses/1, they are (automatically) redirected to the login page

# Authenticated users without admin rights

• Authenticated users without admin rights (e.g. lecturers interested in a list of students enrolled for their course) can access the home page, the courses dashboard (with 'Manage students' buttons) and the course detail pages

• In the navigation bar, the name of the authenticated user is shown
  • By clicking on it, a dropdown is shown through which the user is able to logout from the application

# Authenticated users with admin rights

• Authenticated users with admin rights (e.g. programme heads, secretaries or lecturers who manage the student programmes) obviously can access all the pages that are accessible by a user without admin rights as well
• On top of these functionalities, they will be able to perform some administrative tasks
  • For one of these tasks, i.e. creating, updating and deleting programmes, a link Programmes is already foreseen in the navbar. The programming logic (routes, controller, views, ...) behind this additional functionality is tackled in Part 10 of this exercise.