Blog app: add authorization rules

[learnwithalfred]

Project requirements completed

• Install CanCanCan in your project.
• Add a role column to the users table. Remember to use a migration for this.
  • A user can delete a post if it is theirs or if they have an admin role (column role has value "admin"). Use CanCanCan for this authorization.
  • For that you need to implement the post deleting functionality. Add the "Delete" button to the view and make sure that only authorized users can see it.
  • A user can delete a comment if it is theirs or if they have an admin role (column role has value "admin"). Use CanCanCan for this authorization.
  • For that you need to implement the comment deleting functionality. Add the "Delete" button to the view and make sure that only authorized users can see it.

screenshot

can delete if admin or post creator

else cannot delete

Same with comments

[mikethreels]

Hi Team,

Your project is complete! There is nothing else to say other than... it's time to merge it
Congratulations! 🎉

Highlights

• linters are passing

Optional suggestions

Every comment with the [OPTIONAL] prefix won't stop the approval of this PR. However, I strongly recommend you take them into account as they can make your code better. Some of them were simply missed by the previous reviewer and addressing them will really improve your application.

Cheers and Happy coding!👏👏👏

Feel free to leave any questions or comments in the PR thread if something is not 100% clear.
Remember to tag me in your question so I can receive the notification.

---

As described in the Code reviews limits policy you have a limited number of reviews per project (check the exact number in your Dashboard). If you think that the code review was not fair, you can request a second opinion using this form.