Authorization
Authorization is the step in authentication where the application confirms the user's identity.
Start
Authorization
Lesson 1 of 1
- 1So far we’ve seen how to build an authentication system that lets users sign up, log in, and log out. In addition to authentication, many web apps have a way to give specific users permission to a…
- 3Great! In the users table, we now have a column named role that we can use to assign different roles to users, such as “editor” or “admin”.
- 4We created a method named editor? that checks whether a user’s role is “editor”, and returns true or false. The method uses self to refer to the current instance of a User object. Now that we can …
- 5Great work! The role-based authorization system is working. Users with an editor role have permissions to see the edit page, while users without that role do not.
- 6Great job! We now have a way to determine whether a user has an admin role on the site. Let’s add a few methods to the Application controller to make sure that users with the admin role can access …
- 7Congratulations! You built a authorization system from scratch. 1. The role column in the User model specifies a users’ role 2. A method like def admin? and def editor? is created for business l…
What you'll create
Portfolio projects that showcase your new skills
How you'll master it
Stress-test your knowledge with quizzes that help commit syntax to memory
Authorization
Start