Milestone 7: Authentication and Authorization for Property Management System.

peter chendi

In my previous milestone (milestone 6), I created the API endpoints for CRUD (Create, Read, Update, and Delete) functionalities for user and house entities. In addition, I enhanced the integrity and reliability of the system by implementing associations between the related tables and validations on the attributes of each entity.

Continuing with the progress, in this milestone, I have enhanced the security of the system by implementing authentication and authorization mechanisms.

Authentication mechanism

  • To ensure secure user authentication, I used the JWT (JSON Web Token) technology to generate a token when the user signs up or logs in. This token helps the server to know which user is making a request. Below is a screenshot of a generated token when a user logs in.

  • I wrote an article that provides step-by-step instructions on implementing JWT-based authentication in Rails. Here is the link

Authorization mechanism

  • To maintain strict control over system access, I implemented an authorization mechanism. In the application controller, I created a method that verifies:

    • The user's role

    • Whether the user is the owner of a house

    • Only registered users can create a house.

This approach ensures that only registered users can create a house, and only the admin and house owners have permission to modify or delete a house. Below is the screenshot of the method.
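The token check and the access rules described above can be sketched in plain Ruby. This is an added example, not the author's controller method: the HS256 secret, the `user_id` and `exp` claims, the `"user"` role value and the helper names `issue_token`, `authenticate` and `authorized?` are assumptions, and only the standard library is used so it runs on its own.

```ruby
require "openssl"
require "json"

# Constructed sample records; a real app would load these from its models.
User   = Struct.new(:id, :role)
House  = Struct.new(:id, :owner_id)
SECRET = "constructed-demo-secret" # assumption: HS256 with a server-side secret

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  str.tr("-_", "+/").unpack1("m")
end

# Issue a signed token carrying the user id and an expiry time.
def issue_token(user_id, ttl: 3600, now: Time.now.to_i)
  head = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  body = b64url(JSON.generate({ user_id: user_id, exp: now + ttl }))
  sig  = b64url(OpenSSL::HMAC.digest("SHA256", SECRET, "#{head}.#{body}"))
  "#{head}.#{body}.#{sig}"
end

# Return the user id if the token is authentic and unexpired, else nil.
def authenticate(token, now: Time.now.to_i)
  head, body, sig = token.to_s.split(".")
  return nil unless head && body && sig
  expected = b64url(OpenSSL::HMAC.digest("SHA256", SECRET, "#{head}.#{body}"))
  # Constant-time compare; the algorithm is fixed here, never read from the header.
  return nil unless OpenSSL.secure_compare(expected, sig)
  claims = JSON.parse(b64url_decode(body))
  claims["exp"].to_i > now ? claims["user_id"] : nil
rescue JSON::ParserError
  nil
end

# Rules from the post: any registered user may create a house;
# only an admin or the house's owner may update or delete it.
def authorized?(user, action, house = nil)
  return false if user.nil? # unauthenticated requests are denied
  case action
  when :create then true
  when :update, :destroy
    !house.nil? && (user.role == "admin" || house.owner_id == user.id)
  else false # unknown actions are denied by default
  end
end
```

In a Rails controller, a check like `authorized?` would typically run in a `before_action` after the token has been verified, returning a 401 for a missing or invalid token and a 403 for a denied action.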

In addition to the above security measures

  • I incorporated Active Storage functionality to facilitate the uploading of images and videos for the house entity, as well as avatars for the user entity. I wrote an article on how to implement Active Storage in an application; here is the link.

  • I optimized the API format to the json_api standard. This format offers a straightforward and user-friendly approach to working with APIs.

  • Lastly, I wrote the tests for the controllers and models, using RSpec to write the tests and Faker to generate fake data.

Challenges faced

  • I encountered some challenges, particularly in optimizing the API format to json_api. However, I managed to overcome these difficulties with the help of a video tutorial that provided valuable insights and solutions.

For the next milestone, I will reveal the UX design I will be using in the front end of the application. Stay tuned!!
