Here are a few examples of adding in simple authorization to your Rails app. This was presented at the 12/11/2013 IndyRB meetup. There were a few different examples provided. This was sort of live-coded so you will need to uncomment lines to see some of the examples in action.
- A `require_admin` before filter to protect a secret area.
- An `authorize_actions!` before filter with an overridable `authorized?` method.
- A per-action `authorize!` method.
- Moving authorization logic to the resource model (e.g. `editable_by?`).
- Calling authorization from the `current_user` (e.g. `can_edit?`).
- Changing the view based upon user privileges.
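The following is an added, plain-Ruby sketch of the six patterns listed above; it is not the code from the meetup repo. Rails' controller machinery is replaced by a tiny stand-in (`before_action`, `process`, `params`, `current_user`) so the file runs without Rails, and the `User`, `Post`, `SecretController`, `PostsController` and `edit_link` names, along with the sample posts, are constructed for the example.

```ruby
# Added example: the authorization patterns above in plain Ruby, with a
# minimal stand-in for the Rails controller filter chain (no Rails needed).

NotAuthorized = Class.new(StandardError)

User = Struct.new(:id, :admin) do
  def admin?
    admin
  end

  # Pattern: ask current_user, which delegates to the resource.
  def can_edit?(post)
    post.editable_by?(self)
  end
end

Post = Struct.new(:id, :author_id) do
  # Pattern: authorization rule lives on the resource model.
  def editable_by?(user)
    user.admin? || user.id == author_id
  end
end

class ApplicationController
  attr_reader :current_user, :params, :action_name

  # Stand-in for Rails' before_action (filters are inherited by subclasses).
  def self.before_actions
    @before_actions ||= (superclass.respond_to?(:before_actions) ? superclass.before_actions.dup : [])
  end

  def self.before_action(name, **opts)
    before_actions << [name, opts]
  end

  def initialize(current_user, params = {})
    @current_user = current_user
    @params = params
  end

  # Run matching before filters, then the action; any filter may raise.
  def process(action)
    @action_name = action.to_s
    self.class.before_actions.each do |name, opts|
      next if opts[:only] && !Array(opts[:only]).map(&:to_s).include?(action_name)
      send(name)
    end
    send(action)
  end

  private

  # Pattern: require_admin before filter.
  def require_admin
    raise NotAuthorized, "admins only" unless current_user&.admin?
  end

  # Pattern: authorize_actions! before filter with overridable authorized?.
  def authorize_actions!
    raise NotAuthorized, "#{action_name} not allowed" unless authorized?
  end

  def authorized?
    true # controllers override this with their own rule
  end

  # Pattern: per-action authorize! call.
  def authorize!(allowed)
    raise NotAuthorized, "not allowed" unless allowed
  end
end

class SecretController < ApplicationController
  before_action :require_admin

  def show
    "the secret"
  end
end

class PostsController < ApplicationController
  before_action :authorize_actions!, only: [:destroy]

  POSTS = { 1 => Post.new(1, 10), 2 => Post.new(2, 20) }.freeze # constructed sample data

  def edit
    post = POSTS.fetch(params[:id])
    authorize! current_user.can_edit?(post)
    "editing post #{post.id}"
  end

  def destroy
    "destroyed"
  end

  private

  def authorized?
    current_user&.admin?
  end
end

# Pattern: view changes based on privileges (a helper returning markup or nothing).
def edit_link(user, post)
  user.can_edit?(post) ? "<a href=\"/posts/#{post.id}/edit\">Edit</a>" : ""
end

# Dispatch helper that turns a refusal into a 403-style string.
def run(controller_class, user, action, params = {})
  controller_class.new(user, params).process(action)
rescue NotAuthorized => e
  "403 #{e.message}"
end
```

Each pattern fails closed: a filter or `authorize!` raises `NotAuthorized` rather than returning a flag that an action could forget to check, and the view helper reuses the same `can_edit?` rule so the link and the controller never disagree.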