Authorization is the step in authentication where the application confirms the user's identity.

Start[missing "en.views.course_landing_page.rails-auth.course_illustration" translation]
Lesson 1 of 1
  1. 1

    So far we've seen how to build an authentication system that lets users sign up, log in, and log out. In addition to authentication, many web apps have a way to give specific users permission to a...

  2. 2

    Using the request/response cycle as a guide, here's how authorization fits in: 1. The browser makes a request for a URL 2. The request hits the Rails router 3. Before the router sends the request...

  3. 3

    Great! In the users table, we now have a column named [...] that we can use to assign different roles to users, such as "editor" or "admin".

  4. 4

    We created a method named [...] that checks whether a user's role is "editor", and returns [...] or [...] . The method uses [...] to refer to the current instance of a User object. Now that...

  5. 5

    Great work! The role-based authorization system is working. Users with an editor role have permissions to see the edit page, while users without that role do not.

  6. 6

    Great job! We now have a way to determine whether a user has an admin role on the site. Let's add a few methods to the Application controller to make sure that users with the admin role can access ...

  7. 7

    Congratulations! You built a authorization system from scratch. 1. The role column in the User model specifies a users' role 2. A method like [...] and [...] is created for business logic 3....

What you'll create

Portfolio projects that showcase your new skills

Pro Logo

How you'll master it

Stress-test your knowledge with quizzes that help commit syntax to memory

Pro Logo


Start[missing "en.views.course_landing_page.rails-auth.course_illustration" translation]