August 2015
Intermediate to advanced
576 pages
18h 13m
English
Content preview from Rails 4 in ActionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Chapter 8. Fine-grained access control
This chapter covers
- Implementing authorization using the Pundit gem
- Writing a custom RSpec matcher
- Enforcing authorization for future-proofing your code
- Building a completely custom form for managing a user’s roles
At the end of chapter 7, you learned a basic form of authorization based on a Boolean field called admin on the users table. If this field is set to true, the user is an admin user, and can therefore access the create/destroy functions of the Project resource, as well as an admin namespace where they can perform CRUD on the User resource.
In this chapter, you’ll expand on authorization options by implementing a broader authorization system using a Role model. The records for this model’s ...