- What's the difference between Authentication and Authorization?
Authentication verifies that the user is who they say they are; authorization validates whether the user can access certain paths or actions (what they have privileges for).
- Why are both necessary for securing our applications?
Both are needed because they validate different things inside an application: we want the right people to access the right information.
- What's a `before_action` filter in Rails?
`before_action` runs something before a specified action.
- How can we scope a filter down to only work with specific actions?
By defining the `only:` attribute with the specific actions.
- What's an `enum` attribute in ActiveRecord? Why would we ever want to use this?
ActiveRecord enums allow you to manipulate the attributes of an ActiveRecord object in Rails such that an attribute’s values map to integers in the database (as opposed to strings), and yet can also be queried by name.
- When thinking about Authorization, why might we want to `namespace` a resource?
To create specific views and actions for a particular type of user, e.g. a paying user and a demo user: they might have the same actions, but the second one will have limited fields, record limits, etc.