August 2015
Intermediate to advanced
576 pages
18h 13m
English
Content preview from Rails 4 in ActionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Chapter 7. Basic access control
This chapter covers
- Authorizing administrative users
- Organizing code in namespaces
- Seeding the database with sample data
- Adding an admin-only interface to edit user records
As your application now stands, anybody, whether they’re signed in or not, can create new projects. In this chapter, you’ll restrict access to certain actions in the ProjectsController, allowing only a certain subset of users—users with one particular attribute that’s set in one particular way—to access the actions.
You’ll track which users are administrators by putting a Boolean field called admin in the users table. This is the most basic form of user authorization, not to be confused with authentication, which you implemented in ...