Using the request/response cycle as a guide, here’s how authorization fits in:
- The browser makes a request for a URL
- The request hits the Rails router
- Before the router sends the request on to the controller action, the app determines whether the user has access permission by looking at the user’s role.
What is a role? A role is a way to manage what parts of a site a user has access to. A user’s role is specified in the database.
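The cycle described above, as a plain-Ruby sketch that runs without Rails. It is an added illustration, not the tutorial's own code. The `User` struct, the `PERMISSIONS` table, the role names, and both method names are assumptions made for the example.

```ruby
# Added illustration in plain Ruby (no Rails required); all names are hypothetical.
# User#role stands in for the value stored in the role column of the users table.
User = Struct.new(:email, :role)

# Constructed policy: which roles may reach which controller action.
# Any role or action not listed here is denied.
PERMISSIONS = {
  "posts#index"   => %w[reader editor admin],
  "posts#update"  => %w[editor admin],
  "users#destroy" => %w[admin]
}.freeze

# The authorization step: runs after routing and before the action body.
def authorized?(user, action)
  # A missing user or an empty role column must never grant access.
  return false if user.nil? || user.role.nil?
  PERMISSIONS.fetch(action, []).include?(user.role)
end

# Stand-in for the router plus controller; returns an HTTP-style status code.
def dispatch(user, action)
  return 404 unless PERMISSIONS.key?(action)   # no such route
  return 403 unless authorized?(user, action)  # role check stops the request
  200                                          # the action body would run here
end

# Constructed sample users and requests.
editor  = User.new("editor@example.test", "editor")
no_role = User.new("new@example.test", nil)

[[editor, "posts#update"], [editor, "users#destroy"],
 [no_role, "posts#index"], [nil, "posts#index"]].each do |user, action|
  who = user ? user.email : "(anonymous)"
  puts "#{who} -> #{action}: #{dispatch(user, action)}"
end
```

The check is deny-by-default: a user whose role is empty or unrecognized is refused rather than treated as the lowest-privilege role.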
Let’s begin building an authorization system by adding a role column to the users table.
Open the migration file for the users table in db/migrate/, and add the following column:
Run the migration to update the database with the users table.