Using the request/response cycle as a guide, here's how authorization fits in:

  1. The browser makes a request for a URL
  2. The request hits the Rails router
  3. Before the router sends the request on to the controller action, the app determines whether the user has access permission by looking at the user's role.

What is a role? A role is a way to manage what parts of a site a user has access to. A user's role is specified in the database.

Community Forums
Get help and ask questions in the Codecademy Forums
Report a Bug
If you see a bug or any other issue with this page, please report it here.