Congratulations! You built an authorization system from scratch.
- The role column in the User model specifies a user's role.
- A method like `def editor?` is created for business logic.
- `require_admin` methods redirect to () if the current user is not an editor or admin.
- The before action acts as a filter, calling `require_admin` before executing controller actions.
- The `current_user` method can be used in the views to display links based on the signed-in user's role.
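
The pieces recapped above, modelled in plain Ruby so they run without Rails. This is an added example, not the tutorial's own code; `MiniController`, `ArticlesController`, `require_editor`, the `'/'` redirect target and the sample users are assumptions. It shows the filter halting the action and a signed-out visitor being denied.

```ruby
# Constructed stand-in for the User model: role mirrors the role column.
User = Struct.new(:name, :role) do
  def editor?; role == 'editor'; end
  def admin?;  role == 'admin';  end
end

# Hypothetical mini controller that mimics Rails' halt-on-redirect filters.
class MiniController
  DENIED_PATH = '/' # assumed redirect target; the page does not name one

  attr_reader :current_user, :redirected_to

  def self.filters
    @filters ||= []
  end

  def self.before_action(name, only:)
    filters << [name, only]
  end

  def initialize(current_user)
    @current_user = current_user
  end

  # Run matching filters first; a redirect stops the action from running.
  def process(action)
    self.class.filters.each do |name, only|
      send(name) if only.include?(action)
      return [:redirect, redirected_to] if redirected_to
    end
    [:ok, send(action)]
  end

  # &. treats a signed-out visitor (nil current_user) as unauthorized.
  def require_admin
    @redirected_to = DENIED_PATH unless current_user&.admin?
  end

  def require_editor # assumed name, by analogy with require_admin
    @redirected_to = DENIED_PATH unless current_user&.editor? || current_user&.admin?
  end
end

class ArticlesController < MiniController # hypothetical controller
  before_action :require_editor, only: [:edit]
  before_action :require_admin, only: [:destroy]

  def show; 'article'; end
  def edit; 'edit form'; end
  def destroy; 'deleted'; end
end
```

Hiding links in the views with `current_user` is only cosmetic; the before-action check is what actually blocks a request sent directly to `edit` or `destroy`.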