Authorization Examples
Here are a few examples of adding in simple authorization to your Rails app. This was presented at the 12/11/2013 IndyRB meetup. There were a few different examples provided. This was sort of live-coded so you will need to uncomment lines to see some of the examples in action.
Examples
- A
require_adminbefore filter to protect a secret area. - An
authorize_actions!before filter with an overridableauthorized?method - A per-action
authorize!method - Moving authorization logic to the resource model (e.g.
editable_by?) - Calling authorization from the
current_user(e.g.can_edit?) - Changing the view based upon user privileges