Layered Design for Ruby on Rails Applications
Discover practical design patterns for maintainable web applications

Author: Vladimir Dementyev
Product type: Paperback
Published: Aug 2023
Publisher: Packt
ISBN-13: 9781801813785
Length: 298 pages
Edition: 1st Edition

Table of Contents

Preface
Part 1: Exploring Rails and Its Abstractions
  Chapter 1: Rails as a Web Application Framework
  Chapter 2: Active Models and Records
  Chapter 3: More Adapters, Less Implementations
  Chapter 4: Rails Anti-Patterns?
  Chapter 5: When Rails Abstractions Are Not Enough
Part 2: Extracting Layers from Models
  Chapter 6: Data Layer Abstractions
  Chapter 7: Handling User Input outside of Models
  Chapter 8: Pulling Out the Representation Layer
Part 3: Essential Layers for Rails Applications
  Chapter 9: Authorization Models and Layers
  Chapter 10: Crafting the Notifications Layer
  Chapter 11: Better Abstractions for HTML Views
  Chapter 12: Configuration as a First-Class Application Citizen
  Chapter 13: Cross-Layers and Off-Layers
Index
Gems and Patterns
Other Books You May Enjoy

Authorization models

Although the act of authorization happens in the presentation layer (the controller decides whether to serve or reject a request), its roots lie much deeper, in the domain layer. To answer the question "Am I allowed to...?", we usually rely on some properties of the domain objects; in other words, we rely on the domain model. The subset of the domain model responsible for authorization logic is called the authorization model. Let's do a quick overview of common authorization models.

Domain-less authorization models

Technically, authorization does not require a dedicated model at all. For example, if you build an application in which a user can only work with their own data (say, personal notes management), there is no need to introduce roles, permissions, and so on.

All you need is to verify that the target object belongs to the current user. We did this in the previous example, reproduced here:

class PostsController < ApplicationController
  def destroy
    ...
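The following is an added example, not code from the book, showing the domain-less pattern the text describes: ownership is enforced by scoping the lookup to the current user, so a record owned by someone else is simply "not found". It sits beside the unscoped lookup it replaces, which is the classic insecure-direct-object-reference bug. Active Record is stood in for by a tiny in-memory Relation (a hypothetical stand-in, so the file runs without Rails), and the Post/User structs, destroy_unscoped and destroy_scoped helpers, and the seed data are all constructed for the illustration.

```ruby
# Added example (not from the book): domain-less authorization by scoping
# the query to the current user, next to the unscoped lookup it replaces.
# Runs without Rails: Relation is a minimal stand-in for an Active Record relation.

class RecordNotFound < StandardError; end

Post = Struct.new(:id, :user_id, :title, keyword_init: true)
User = Struct.new(:id, :name, keyword_init: true)

# Minimal stand-in for an Active Record relation: chainable where + find
class Relation
  def initialize(records)
    @records = records
  end

  def where(**conditions)
    Relation.new(@records.select { |r| conditions.all? { |k, v| r[k] == v } })
  end

  # Mirrors ActiveRecord::Base.find: raises instead of returning nil
  def find(id)
    record = @records.find { |r| r.id == id }
    raise RecordNotFound, "Couldn't find Post with id=#{id}" unless record
    record
  end
end

# Constructed sample data: two users, each owning exactly one post
def seed_store
  [
    Post.new(id: 1, user_id: 10, title: "alice's private note"),
    Post.new(id: 2, user_id: 20, title: "bob's private note"),
  ]
end

# Vulnerable version: the post is looked up globally and then deleted.
# Any authenticated user can delete any post by supplying its id (IDOR).
def destroy_unscoped(store, current_user, id)
  post = Relation.new(store).find(id)
  store.delete(post)
  :destroyed
end

# Domain-less authorization: the lookup itself is scoped to the current user,
# the equivalent of current_user.posts.find(params[:id]) in Rails. A post owned
# by someone else raises RecordNotFound, so there is no separate permission
# check to forget, and the response does not reveal that the post exists.
def destroy_scoped(store, current_user, id)
  post = Relation.new(store).where(user_id: current_user.id).find(id)
  store.delete(post)
  :destroyed
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(id: 10, name: "alice")

  store = seed_store
  p destroy_unscoped(store, alice, 2)   # => :destroyed (bob's post is gone)

  store = seed_store
  begin
    destroy_scoped(store, alice, 2)
  rescue RecordNotFound => e
    puts "scoped: #{e.message}"         # scoped: Couldn't find Post with id=2
  end
  p destroy_scoped(store, alice, 1)     # => :destroyed (alice's own post)
end
```

In a real controller the RecordNotFound raised by the scoped lookup is rendered as a 404 by Rails, which is exactly what you want: the attacker learns neither that the post exists nor that they were denied. The pattern only holds while ownership is a direct association; once a resource is reached through a chain (a comment on a post of a project the user belongs to), scope the whole chain through the association rather than checking the last link after a global find.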