Using the request/response cycle as a guide, here's how authorization fits in:
- The browser makes a request for a URL.
- The request hits the Rails router.
- Before the router sends the request on to the controller action, the app determines whether the user has access permission by looking at the user's role.

What is a role? A role is a way to manage what parts of a site a user has access to. A user's role is specified in the database.
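
The cycle above as a plain-Ruby sketch (an added example, not Rails code and not from the original page): `USERS`, `ROUTES` and `dispatch` are hypothetical names, with a hash standing in for the database table that stores each user's role. It also makes two choices the text leaves open, both assumptions here: a route with no roles listed is denied, and a role sent in request parameters is ignored.

```ruby
# Constructed sample data: stands in for the users table, where each row stores a role.
USERS = {
  1 => { name: "ada", role: "admin" },
  2 => { name: "bob", role: "default" },
  3 => { name: "eve", role: "superuser" } # a role no route recognizes
}.freeze

# Hypothetical route table: each route names its action and the roles allowed to reach it.
ROUTES = {
  ["GET", "/items"] =>
    { action: ->(user) { "items for #{user[:name]}" }, roles: %w[default admin] },
  ["GET", "/admin/dashboard"] =>
    { action: ->(_user) { "admin dashboard" }, roles: %w[admin] },
  ["GET", "/admin/reports"] =>
    { action: ->(_user) { "reports" } } # no roles listed: denied by default
}.freeze

# Mirrors the cycle above: route lookup, then the role check, then the action.
# session is server-side state; the role is always read from USERS and never
# from params, so a client cannot grant itself a role.
# The 401/403/404 status codes are this example's choice.
def dispatch(verb, path, session: {}, params: {})
  route = ROUTES[[verb, path]]
  return [404, "Not Found"] unless route

  user = USERS[session[:user_id]]
  return [401, "Log in first"] unless user

  allowed = route.fetch(:roles, []) # missing list means nobody is allowed
  return [403, "Forbidden"] unless allowed.include?(user[:role])

  [200, route[:action].call(user)]
end
```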