
Rails 4 in Action: Revised Edition of Rails 3 in Action by Ryan Bigg, Yehuda Katz, Steve Klabnik, and Rebecca Skinner

Chapter 8. Fine-grained access control

This chapter covers

  • Implementing authorization using the Pundit gem
  • Writing a custom RSpec matcher
  • Enforcing authorization for future-proofing your code
  • Building a completely custom form for managing a user’s roles

At the end of chapter 7, you learned a basic form of authorization based on a Boolean field called admin on the users table. If this field is set to true, the user is an admin user, and can therefore access the create/destroy functions of the Project resource, as well as an admin namespace where they can perform CRUD on the User resource.

In this chapter, you’ll expand on authorization options by implementing a broader authorization system using a Role model. The records for this model’s ...
