We released three new Rails 6 videos for you today!
As our app stands, we have user authentication implemented and we know whether a user is signed in or not. Now it’s time to start restricting access to parts of the application. This process is commonly referred to as authorization. Authorization rules vary widely depending on the nature of the application, but once you understand the technique you can apply it as you see fit.
In Module #33 we put various gatekeepers (otherwise known as before actions) in place to restrict who can make changes.
Then in Module #34, we take it a step further by allowing only super-special admin users we trust to perform highly sensitive actions in our app. So we distinguish admin users from regular users, and restrict access accordingly.