Congratulations! You built an authorization system from scratch.
- The role column in the User model specifies a user's role
- Methods like def admin? and def editor? are created for business logic
- require_admin methods redirect to () if the current user is not an editor or admin.
- The before action acts as a filter, calling require_admin before executing controller actions.
- The current_user method can be used in the views to display links based on the signed in user's role.
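
How the pieces in this summary fit together, as an added example in plain Ruby rather than the tutorial's own code. BaseController, PostsController, the destroy action and the '/' redirect target are assumptions, and before_action is imitated by a small stand-in so the filter's halting behaviour can be run without Rails.

```ruby
# Plain-Ruby stand-ins for the Rails pieces (ActionController, the User model).
User = Struct.new(:email, :role) do
  def admin?
    role == 'admin'
  end

  def editor?
    role == 'editor'
  end
end

class BaseController
  FILTERS = Hash.new { |hash, klass| hash[klass] = [] }
  attr_reader :current_user, :redirected_to

  # Minimal stand-in for before_action: record filter names per controller.
  def self.before_action(name)
    FILTERS[self] << name
  end

  def initialize(current_user)
    @current_user = current_user # nil when nobody is signed in
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # Filters run first; one that redirects halts the action, as in Rails.
  def process(action)
    FILTERS[self.class].each do |filter|
      send(filter)
      return [:redirect, redirected_to] if redirected_to
    end
    [:ok, send(action)]
  end
end

class PostsController < BaseController
  before_action :require_admin
  def destroy
    'post deleted'
  end

  private
  # Deny by default: signed-out users and non-admin roles never reach destroy.
  def require_admin
    redirect_to('/') unless current_user&.admin? # '/' is a placeholder target
  end
end
```

The filter, not a link hidden in the view, is what enforces the role: an editor or a signed-out user who requests destroy directly still gets the redirect.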