It seems the second code snippet is missing the code to set the current_user:
current_user: Accounts.get_user_by_session_token(session["user_token"]),
and on the previous page (55), the last sentence repeats the word “also”
it is also also protected