Chapter 6. Authentication and basic authorization

 

This chapter covers

  • Working with engine code and generators
  • Building an authentication system with an engine
  • Implementing basic authorization checking

You’ve now created two resources for your Ticketee application: projects and tickets. Now you’ll use a gem called Devise, which provides authentication, to let users sign in to your application. With this feature, you can track which tickets were created by which users. A little later, you’ll use these user records to allow and deny access to certain parts of the application.

The general idea behind having users for this application is that some users are in charge of creating projects (project owners) and others use whatever the projects provide. If a user finds something wrong with a project or wishes to suggest an improvement, filing a ticket is a great way to inform the project owner of the request. You don’t want absolutely everybody creating or modifying projects, so you’ll learn to restrict project creation to a certain subset of users.

To round out the chapter, you’ll create another CRUD interface, this time for the users resource, but with a twist.

Before you start, you must set up Devise!

6.1. What Devise does

6.2. User signup

6.3. Confirmation link sign-in

6.4. Form sign-in

6.5. Linking tickets to users

6.6. Summary
