Authorization
Generalizations
Congratulations! You built an authorization system from scratch.
- The role column in the User model specifies a user's role.
- Methods like `def admin?` and `def editor?` are created for business logic.
- The `require_editor` and `require_admin` methods redirect to () if the current user is not an editor or admin.
- The before action acts as a filter, calling `require_editor` or `require_admin` before executing controller actions.
- The `current_user` method can be used in the views to display links based on the signed-in user's role.
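
The pieces listed above wired together, as an added example that is not part of the original lesson. It is a plain-Ruby model that runs without Rails: `MiniController` is a hypothetical stand-in for a Rails controller base class, and `RecipesController`, its actions and `REDIRECT_TARGET` (a placeholder, since the page leaves the redirect target blank) are assumptions.

```ruby
# Plain-Ruby model of the lesson's pieces. MiniController is a hypothetical
# stand-in for a Rails controller base class so the flow runs without Rails.
User = Struct.new(:name, :role) do
  def admin?; role == "admin"; end
  def editor?; role == "editor"; end
end

REDIRECT_TARGET = "/redirect-target-placeholder" # placeholder: the page leaves the target blank

class MiniController
  def self.filters; @filters ||= []; end

  # Register a filter method for the listed actions (modelled on `only:`).
  def self.before_action(name, only:)
    filters << [name, Array(only)]
  end

  attr_reader :current_user, :response

  # current_user is nil when nobody is signed in.
  def initialize(current_user); @current_user = current_user; end

  def redirect_to(path); @response = [:redirect, path]; end

  # Run matching filters in order; a filter that redirects halts the action.
  def process(action)
    self.class.filters.each do |name, only|
      send(name) if only.include?(action)
      return response if response
    end
    @response = [:ok, public_send(action)]
  end
end

class RecipesController < MiniController # hypothetical controller
  before_action :require_editor, only: [:edit]
  before_action :require_admin, only: [:destroy]

  def show; "recipe"; end
  def edit; "edit form"; end
  def destroy; "deleted"; end

  private

  # Safe navigation (&.) makes a signed-out visitor (nil) fail the role check.
  def require_editor; redirect_to REDIRECT_TARGET unless current_user&.editor?; end
  def require_admin; redirect_to REDIRECT_TARGET unless current_user&.admin?; end
end
```

Hiding links in a view with `current_user` only changes what is displayed; the filter is what blocks a request sent directly to `edit` or `destroy`.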