Some developers confuse the terms Authentication and Authorization. At first, I also kind of lumped them both in the same bucket. Eventually, I figured out the differences, and wanted to address the issue here to help clarify things a bit.
User *authentication* is looking them up in the Users database to ensure they have an account in your system.
User *authorization* is a system of determining what areas of your app the User can access once they are authenticated into the site.
I use two popular Rails gems that pretty much give you a drop-in solution for authentication and authorization. Devise is a Rails gem for User Authentication, and CanCan (by Ryan Bates of RailsCasts fame) is for User Authentication.
I ran across these great articles on another blog that describes using Rails and CanCan together:
Article 1: Getting Started with Devise and CanCan The article includes very detailed steps and code samples for both Devise and CanCan.
Article 2: Devise and CanCan – Restful Resources for Administrators
You can also read my blog post about Getting started with Devise, which includes lots of other helpful Devise links to get you started.
One thought on “Rails Authorization and Authentication”
Thank you for the above article.
Do you have more resources on how to configure devise with multiple roles – the article you posted, although is very good, is missing a few bits and pieces. any advice much appreciated.