O'Reilly logo

Rails 4 in Action: Revised Edition of Rails 3 in Action by Ryan Bigg, Yehuda Katz, Steve Klabnik, and Rebecca Skinner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 7. Basic access control

This chapter covers

  • Authorizing administrative users
  • Organizing code in namespaces
  • Seeding the database with sample data
  • Adding an admin-only interface to edit user records

As your application now stands, anybody, whether they’re signed in or not, can create new projects. In this chapter, you’ll restrict access to certain actions in the ProjectsController, allowing only a certain subset of users—users with one particular attribute that’s set in one particular way—to access the actions.

You’ll track which users are administrators by putting a Boolean field called admin in the users table. This is the most basic form of user authorization, not to be confused with authentication, which you implemented in ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required