Section Introduction
This section will explain how to properly incorporate authorization into a Rails application to ensure that each feature is protected with the correct permission structure.

In this section of the course, we're going to talk about authorization. Don't get authorization confused with authentication. Authentication is the ability for users to

  • log in
  • register

Authorization is you deciding what types of behaviors a user is authorized to perform. For example, you probably don't want other users to be able to create blogs on your personal portfolio site; that should be limited to you. For the most part, you don't want that to be something the entire world can do. Right now, technically, any user can log in and create blog posts. We're going to implement our own type of authorization engine, so you can say, "I want X, Y, and Z users to perform these tasks." This is a very important feature, and not just for the sake of this portfolio: I have very rarely had an application that didn't need some type of authorization unit built into it.

This is going to be a very important thing to learn. We're also going to be using a great gem called Petergate that's going to help do some of this authorization for us. Let's get started.