Rails 3 in Action

Chapter 7. Basic access control

This chapter covers

Adding an authorization flag to a database table
Locking down access based on a database flag

As your application now stands, anybody, whether they’re signed in or not, can create new projects. As you did for the actions in the TicketsController, you must restrict access to the actions in the ProjectsController. The twist here is that you’ll allow only a certain subset of users—users with one particular attribute set in one particular way—to access the actions.

You’ll track which users are administrators by putting a boolean field called admin in the users table. This is the most basic form of user authorization, which is not to be confused with authentication, which you implemented in ...

Get Rails 3 in Action now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Rails 3 in Action by Ryan Bigg, Yehuda Katz

Chapter 7. Basic access control

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly