Can anyone recommend a clear step-by-step tutorial that sets up a new rails app with authentication and roles-based authorization?

I'm trying to learn rails, but am getting stuck on the best practices that allow you to set up a guest section, a section for authenticated users, and a section for administrators that can oversee the guests and users and what they do. I've tried a few tutorials, but I haven't hit upon one that gets it all together and actually works.

For example: I'd like unauthenticated guests to be able to read posts written by users, users to create and edit their own posts, and admins to be able to moderate / edit / delete users and their posts.

3 thoughts on “Can anyone recommend a clear step-by-step tutorial that sets up a new rails app with authentication and roles-based authorization?”

  1. As the other user has said, the Hartl tutorial goes over every bit of this. In the controller, you authenticate except for the index and show actions. You also have a boolean on User that you toggle yourself in the console. If post.user == current_user || current_user.admin?, allow access to the edit and delete actions. You don’t even need a role library like cancan to do this if it is in fact as simple as you describe.

  2. Railscasts. In this order:

    Authentication from scratch:
    http://railscasts.com/episodes/250-authentication-from-scratch

    Authentication with Devise:
    http://railscasts.com/episodes/209-devise-revised

    Authorization with cancan:
    http://railscasts.com/episodes/192-authorization-with-cancan

    He doesn’t really do them any more but when I was first getting into Ruby I found these tutorials absolutely invaluable for getting from beginner to intermediate (and a little beyond).

    Some of them might be a little out of date but the principles should be intact.

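Added example, not part of either comment or of any tutorial they mention: the rule from the first comment (public index and show, login for everything else, owner-or-admin for edit and delete) written as a plain-Ruby check that runs without Rails. The names `User`, `Post` and `PostPolicy` and the sample records are assumptions made for this sketch; in a Rails app the same check would sit in a controller `before_action`.

```ruby
# Plain-Ruby model of the authorization rule; no Rails required.
# User, Post and PostPolicy are hypothetical names for this example.
User = Struct.new(:id, :name, :admin) do
  def admin?
    admin == true # the boolean column toggled by hand in the console
  end
end

Post = Struct.new(:title, :user)

class PostPolicy
  PUBLIC_ACTIONS = %i[index show].freeze          # readable by guests
  MEMBER_ACTIONS = %i[new create].freeze          # any logged-in user
  OWNER_ACTIONS  = %i[edit update destroy].freeze # owner or admin only

  # current_user is nil for a guest; post is nil for collection actions.
  def self.allowed?(current_user, action, post = nil)
    return true if PUBLIC_ACTIONS.include?(action)
    # Authenticate before any ownership test. With current_user == nil,
    # `post.user == current_user` is true for a post that has no owner,
    # and `current_user.admin?` raises NoMethodError for every other post.
    return false if current_user.nil?
    return true if MEMBER_ACTIONS.include?(action)
    # Deny by default: unknown actions and missing records are refused.
    return false unless OWNER_ACTIONS.include?(action) && post
    post.user == current_user || current_user.admin?
  end
end

# Constructed sample data.
ALICE = User.new(1, "alice", false)
BOB   = User.new(2, "bob", false)
ADMIN = User.new(3, "root", true)
ALICES_POST = Post.new("hello", ALICE)
ORPHAN_POST = Post.new("no owner", nil)

if __FILE__ == $PROGRAM_NAME
  { "guest" => nil, "alice" => ALICE, "bob" => BOB, "admin" => ADMIN }.each do |name, user|
    %i[show create edit destroy].each do |action|
      verdict = PostPolicy.allowed?(user, action, ALICES_POST) ? "allow" : "deny"
      puts format("%-6s %-8s %s", name, action, verdict)
    end
  end
end
```

The ordering of the guards is the part to carry over: the login check has to run before the ownership comparison, otherwise a guest matches any post whose owner is nil.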
