Using Action Policy for a Ruby on Rails App: The Basics
To keep your app secure, you need to control who and what can access it. Access control can be categorized into authentication — "who" to allow — and authorization — "what" they can access. Authentication is a subject for another day, but when it comes to user authorization, you generally have two ways to go about it: using a role-based or resource-based strategy. In this two-part series, we'll take a deep dive into using the Action Policy gem for a Ruby on Rails blog application.