Slide 1

Module 5: Authorization and AJAX

Slide 2

@zamith

Slide 3

No content

Slide 4

Authorization

Slide 5

Authorization != Authentication

Slide 6

"We know who you are, but can you perform this action?"

Slide 7

No content

Slide 8

Role Based Authorization

Slide 9

No content

Slide 10

Authorization in Rails

Slide 11

Authentication based authorization

Slide 12

Role as a boolean

Slide 13

db/migrate/xxx_add_role_to_users.rb

    # add_column takes null:, not required:; the NOT NULL constraint plus the
    # default guarantees every existing and new row is explicitly non-admin.
    add_column :users, :admin, :boolean, null: false, default: false

rails console

    User.first.admin?

Slide 14

Role as a string

Slide 15

db/migrate/xxx_add_role_to_users.rb

    # As with the boolean column: null: false, not required: true.
    add_column :users, :role, :string, null: false, default: "regular"

rails console

    User.first.admin?

Slide 16

app/models/user.rb

    class User < ActiveRecord::Base
      USER_ROLES = ["regular", "admin"]
      private_constant :USER_ROLES

      validates_inclusion_of :role, in: USER_ROLES

      def admin?
        role == "admin"
      end
    end

Slide 17

Role as a table

Slide 18

db/migrate/xxx_create_roles.rb

    create_table :roles do |t|
      t.string :name, null: false   # null: false, not required: true
      t.timestamps null: false
    end

    add_belongs_to :users, :role, index: true

Slide 19

app/models/role.rb

    class Role < ActiveRecord::Base
      USER_ROLES = %w(regular admin)
      private_constant :USER_ROLES

      validates_presence_of :name
      validates_inclusion_of :name, in: USER_ROLES
    end

Slide 20

Authorization Frameworks

Slide 21

CanCan

Slide 22

app/models/ability.rb

    class Ability
      include CanCan::Ability

      def initialize(user)
        @user = user
        if user
          public_send user.role
        else
          guest
        end
      end

      def guest
        can [:show, :update], Invite
      end

      ...

      def registered
        can :read, :all
        can :manage, Book do |book|
          book.team_id == @user.team.id
        end
      end

      def admin
        can :manage, :all
      end
    end
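One thing the slide's Ability glosses over: `public_send user.role` turns the role column into a method selector. Any stored value without a matching public method (a typo in a seed file, a row written before the validation existed, a role renamed later) raises NoMethodError on every request for that user, and `validates_inclusion_of` only runs on writes that go through the model. The block below is an added example, not code from the slides or from the cancan gem: a plain-Ruby stand-in for CanCan's Ability that looks the role up in an explicit allowlist and falls back to the guest rules when it is unknown, with just enough of `can`/`can?` (including the block condition on Book) to run without Rails. The User, Book and Invite structs and the `team_id` attribute are constructed stand-ins for the models the slides assume.

```ruby
# Added example (not from the slides, not the cancan gem): role dispatch
# through an allowlist instead of `public_send user.role`.

# Constructed stand-ins for the ActiveRecord models the slides assume.
User   = Struct.new(:id, :role, :team_id, keyword_init: true)
Book   = Struct.new(:id, :team_id, keyword_init: true)
Invite = Struct.new(:id, keyword_init: true)

class Ability
  # The only role strings that may select a rule set. Anything else (nil,
  # "", a stale or mistyped value in the column) gets the guest rules:
  # fail closed instead of raising NoMethodError or, worse, calling some
  # unrelated public method whose name happens to be stored in the column.
  ROLE_RULES = {
    "guest"   => :guest,
    "regular" => :regular,
    "admin"   => :admin,
  }.freeze

  # Actions that CanCan folds into :read; :manage matches every action.
  READ_ACTIONS = %i[index show].freeze

  Rule = Struct.new(:actions, :subject, :condition)

  def initialize(user)
    @user  = user
    @rules = []
    role = user && user.role          # for the role-as-table design use user.role.name
    send(ROLE_RULES.fetch(role, :guest))
  end

  def can?(action, subject)
    @rules.any? { |rule| action_matches?(rule, action) && subject_matches?(rule, subject) }
  end

  def cannot?(action, subject)
    !can?(action, subject)
  end

  private

  # CanCan's `can`: record the actions, the subject (a class or :all) and an
  # optional per-instance condition block.
  def can(actions, subject, &condition)
    @rules << Rule.new(Array(actions), subject, condition)
  end

  def action_matches?(rule, action)
    rule.actions.include?(:manage) ||
      rule.actions.include?(action) ||
      (rule.actions.include?(:read) && READ_ACTIONS.include?(action))
  end

  def subject_matches?(rule, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    return false unless rule.subject == :all || rule.subject == klass
    # A class-level check (can?(:index, Book)) cannot evaluate an instance
    # condition, so it passes, exactly as CanCan does; instance checks run it.
    return true if rule.condition.nil? || subject.is_a?(Class)
    rule.condition.call(subject)
  end

  # Rule sets, mirroring the slide. They are private: only the allowlist
  # above can reach them, never a value from the database.
  def guest
    can [:show, :update], Invite
  end

  def regular
    can :read, :all
    can :manage, Book do |book|
      book.team_id == @user.team_id
    end
  end

  def admin
    can :manage, :all
  end
end
```

With this shape a user whose role column reads "superuser" is treated as a guest rather than producing a 500; if you would rather surface bad data loudly, replace the `fetch` default with a logged exception, but do it deliberately instead of leaving the choice to `public_send`.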

Slide 23

Pundit

Slide 24

app/controllers/restaurants_controller.rb

    def update
      @restaurant = Restaurant.find(params[:id])
      authorize @restaurant
      if @restaurant.update(restaurant_params)
        redirect_to restaurants_path
      else
        render :edit
      end
    end

app/policies/restaurant_policy.rb

    class RestaurantPolicy < ApplicationPolicy
      def update?
        user.admin?
      end
    end
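Two checks a practitioner would add to the slide's Pundit setup. First, an `update?` that only tests `user.admin?` is safe as long as nobody but admins may edit; the moment owners may edit their own restaurants, the policy must also compare `record.owner_id` with `user.id`, otherwise any logged-in user can update any restaurant by changing the id in the URL. Second, `authorize` is opt-in per action, so enable Pundit's `verify_authorized` after_action to make an action that forgets the call fail loudly. The block below is an added example in plain Ruby, not code from the slides or from the pundit gem: a deny-by-default ApplicationPolicy, a RestaurantPolicy with the ownership test and a Scope, and a controller stand-in whose `authorize` and `verify_authorized` mimic Pundit's. User and Restaurant are constructed structs; the `owner_id` column and the `rename_unchecked` action are assumptions made for the illustration.

```ruby
# Added example (not from the slides, not the pundit gem): Pundit-style
# policy objects with an ownership check and a verify_authorized guard.

# Constructed stand-ins for the ActiveRecord models the slides assume.
User = Struct.new(:id, :admin, keyword_init: true) do
  def admin?
    admin == true
  end
end
Restaurant = Struct.new(:id, :owner_id, :name, keyword_init: true)

class NotAuthorizedError < StandardError; end
class AuthorizationNotPerformedError < StandardError; end

# Like Pundit's generated ApplicationPolicy: every query answers false until
# a subclass opens it, and a missing user is rejected up front.
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    raise NotAuthorizedError, "must be logged in" if user.nil?
    @user   = user
    @record = record
  end

  def index?;   false; end
  def show?;    false; end
  def update?;  false; end
  def destroy?; false; end

  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user  = user
      @scope = scope
    end

    def resolve
      raise NotImplementedError, "define #resolve in #{self.class}"
    end
  end
end

class RestaurantPolicy < ApplicationPolicy
  def index?; true; end
  def show?;  true; end

  # Admin, or the owning user. Without the second clause a regular user
  # could edit any restaurant by guessing its id.
  def update?
    user.admin? || record.owner_id == user.id
  end

  def destroy?
    user.admin?
  end

  # What a non-admin may list: only their own restaurants.
  class Scope < ApplicationPolicy::Scope
    def resolve
      return scope if user.admin?
      scope.select { |r| r.owner_id == user.id }
    end
  end
end

# Stand-in for the slide's RestaurantsController; the `restaurants` Hash
# plays the part of Restaurant.find.
class RestaurantsController
  def initialize(current_user, restaurants)
    @current_user = current_user
    @restaurants  = restaurants
    @authorized   = false
  end

  # Pundit's `authorize`: derive the policy from the record's class, call the
  # query named after the action, raise unless it returns true.
  def authorize(record, query)
    @authorized = true
    policy = Object.const_get("#{record.class}Policy").new(@current_user, record)
    raise NotAuthorizedError, "not allowed to #{query}" unless policy.public_send(query)
    record
  end

  def update(id, params)
    restaurant = @restaurants.fetch(id)
    authorize restaurant, :update?
    restaurant.name = params[:name]
    restaurant
  ensure
    verify_authorized
  end

  # Hypothetical action whose author forgot the `authorize` call.
  def rename_unchecked(id, params)
    restaurant = @restaurants.fetch(id)
    restaurant.name = params[:name]
    restaurant
  ensure
    verify_authorized
  end

  private

  # Pundit's `after_action :verify_authorized`, run from `ensure` here.
  def verify_authorized
    raise AuthorizationNotPerformedError, "action did not call authorize" unless @authorized
  end
end
```

Like Pundit's after_action, the guard runs after the action body, so it reports the missing call rather than preventing the write; its value is that the test suite, or the first request to hit the action, fails instead of the omission going unnoticed.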

Slide 25

Asynchronous JavaScript And XML (AJAX)

Slide 26

"AJAX allows you to make requests to the server without reloading the page, and to receive and work with data from the server."

Slide 27

AJAX with jQuery

Slide 28

$.ajax

    $.ajax({ url: "/restaurants" })
      .done(function(html) {
        $("#results").append(html);
      });

Slide 29

    $.ajax({
      dataType: "json",
      url: "/restaurants.json",
      success: success
    });

$.getJSON

    $.getJSON("/restaurants.json", function(data) {
      // success: data is the parsed JSON response
    });

Slide 30

Rails remote

Slide 31

<%= link_to "Click me", restaurants_path %>

Slide 32

<%= link_to "Click me", restaurants_path, remote: true %>

Slide 33

<%= link_to "Click me", restaurants_path, remote: true %>

Your request is now done via AJAX (rails-ujs intercepts the click). The request asks for the JS format (Accept: text/javascript), and you have to handle it on the server with a format.js branch in respond_to and a matching *.js.erb view. rails-ujs also sends the CSRF token from csrf_meta_tags in the X-CSRF-Token header, so non-GET remote requests still pass protect_from_forgery. The JS the server returns is executed in the page, so escape anything interpolated into it with the j (escape_javascript) helper.