Answering authorization questions from lecture
* What’s the difference between Authentication and Authorization?
Authentication is how the server confirms you are who you say you are; authorization is making sure you only see what you have permission to see.
* Why are both necessary for securing our applications?
You wouldn't want users to be able to edit other users' accounts (authorization), and you can't have authorization without authentication.
* What’s a before_action filter in Rails?
It asks the controller to meet some condition or find some information before certain routes are taken.
* How can we scope a filter down to only work with specific actions?
You can specify which actions you want with only or except, just like in your routes file.
* What’s an enum attribute in ActiveRecord? Why would we ever want to use this?
They're attributes that map to integers but can be called by name. Usually there's a set of two, and one corresponds to 0 while the other corresponds to 1. Logically they are opposites of one another and when you call one attribute with an exclamation, it switches that attribute "on." Then, when you call it with a question mark, it should return true. Finally, you can switch it off by calling the opposite attribute with an exclamation point.
* When thinking about Authorization, why might we want to namespace a resource?
It prevents non-admins from accessing admin pages, for example.
* What does allow_any_instance_of in RSpec do?
It allows us to DRY up tests by, for example, asking ApplicationController to be set to admin path by default for the duration of the test.
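
The filter scoping, enum role and admin-only access from the answers above, as an added example that is not part of the original notes: a plain-Ruby stand-in for `before_action` that runs without Rails. `MiniController`, `OnlyScoped`, `ExceptScoped`, the `User` struct and the 403 status are assumptions made for illustration. It shows that an `only:` list leaves a later-added action unguarded, while `except:` guards it by default.

```ruby
# Plain-Ruby stand-in for Rails' before_action; illustrative, not Rails code.
ROLES = %i[default admin].freeze # mirrors enum role: [:default, :admin] => 0, 1
User = Struct.new(:role) do
  def admin?
    ROLES[role] == :admin
  end
end

class MiniController
  def self.filters
    @filters ||= []
  end

  def self.before_action(name, only: nil, except: [])
    filters << { name: name, only: only, except: except }
  end

  def initialize(current_user)
    @current_user = current_user
  end

  # Run each filter that applies to the action; a filter halts by setting @status.
  def process(action)
    self.class.filters.each do |f|
      next if f[:only] && !f[:only].include?(action)
      next if f[:except].include?(action)
      send(f[:name])
      return @status if @status
    end
    send(action)
    @status || 200
  end
  %i[index edit update destroy].each { |a| define_method(a) {} }

  private

  def require_admin
    @status = 403 unless @current_user&.admin?
  end
end

# Allow-list scoping: destroy was added later and never listed, so it is unguarded.
class OnlyScoped < MiniController
  before_action :require_admin, only: %i[edit update]
end
# Deny-by-default scoping: every action is guarded unless explicitly exempted.
class ExceptScoped < MiniController
  before_action :require_admin, except: %i[index]
end
visitor = User.new(0) # constructed sample user with the default role
puts OnlyScoped.new(visitor).process(:destroy), ExceptScoped.new(visitor).process(:destroy)
```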