The abilities we defined earlier for our CollabBlogs application are enough to get us started. However, what if our application requires complex authorization rules? A few complex rules remain unimplemented, and the abilities we have applied so far are far simpler than those.
Once we have plenty of rules, we should simplify parts of the authorization process and test that the rules are correct, so that our application behaves as expected.
In this section, we are going to discuss defining rules using SQL, simplifying authorization checks on controllers, and ensuring abilities' correctness.
As mentioned before, the
cannot methods we defined in