Milestone 7: Authentication and Authorization for Property Management System.

In my previous milestone (milestone 6), I created the API endpoints for the CRUD (Create, Read, Update, and Delete) functionality of the user and house entities. In addition, I enhanced the integrity and reliability of the system by implementing associations between the related tables and validations on the attributes of each entity.

Continuing with the progress, in this milestone, I have enhanced the security of the system by implementing authentication and authorization mechanisms.

Authentication mechanism

  • To ensure secure user authentication, I used JWT (JSON Web Token) to generate a token when a user signs up or logs in. This token tells the server which user is making a request. Below is a screenshot of a generated token when a user logs in.

  • I wrote an article that provides step-by-step instructions on implementing JWT-based authentication in Rails. Here is the link.
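To make the mechanism described above concrete, here is an added example (my own code, not the post's or the linked article's): a minimal HS256 JSON Web Token issuer and verifier built only on Ruby's standard library, so it runs without Rails. It shows the two halves the post talks about, the server signing a token that carries the user id at sign-up/login and later reading that id back from a request, and the checks a verifier must make before trusting the claims: the algorithm is pinned, the signature is compared in constant time, and the expiry is enforced. `SECRET` is a constructed placeholder; a Rails app would load it from its credentials or the environment.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed placeholder secret; never hard-code a real signing key.
SECRET = "constructed-dev-secret-do-not-use-in-production".freeze

class TokenError < StandardError; end

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str)
end

# Constant-time byte comparison so the signature check does not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Issue a token for the given claims. "exp" bounds how long a leaked token works.
def encode_token(payload, secret: SECRET, ttl_seconds: 24 * 60 * 60, now: Time.now.to_i)
  header = { "alg" => "HS256", "typ" => "JWT" }
  claims = payload.merge("iat" => now, "exp" => now + ttl_seconds)
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  signature = OpenSSL::HMAC.digest("SHA256", secret, signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Verify a token and return its claims. Rejects anything that is malformed,
# signed with an algorithm other than the one the server pinned, tampered with,
# or expired. Raises TokenError so a controller can answer 401.
def decode_token(token, secret: SECRET, now: Time.now.to_i)
  parts = token.to_s.split(".")
  raise TokenError, "malformed token" unless parts.size == 3
  header_b64, payload_b64, sig_b64 = parts

  header = JSON.parse(b64url_decode(header_b64))
  raise TokenError, "malformed token" unless header.is_a?(Hash)
  # Pin the algorithm: the token itself must never choose how it is verified.
  raise TokenError, "unexpected alg" unless header["alg"] == "HS256"

  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header_b64}.#{payload_b64}")
  raise TokenError, "bad signature" unless secure_equal?(expected, b64url_decode(sig_b64))

  claims = JSON.parse(b64url_decode(payload_b64))
  raise TokenError, "malformed token" unless claims.is_a?(Hash)
  raise TokenError, "token expired" if claims["exp"].to_i <= now
  claims
rescue ArgumentError, JSON::ParserError
  raise TokenError, "malformed token"
end

# The login and authenticated-request paths end to end, with a fixed clock.
def demo_jwt
  token = encode_token({ "user_id" => 42 }, now: 1_700_000_000)
  claims = decode_token(token, now: 1_700_000_010)
  puts "token: #{token}"
  puts "authenticated user_id: #{claims["user_id"]}"
end

demo_jwt if __FILE__ == $PROGRAM_NAME
```

In the Rails app the `decode_token` call belongs in a `before_action` that reads the `Authorization: Bearer` header and loads `current_user` from the `user_id` claim; the point of the verifier's ordering is that the signature is checked before any claim is read, so nothing in an unverified payload ever influences the request.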

Authorization mechanism

  • To maintain strict control over system access, I implemented an authorization mechanism. In the application controller, I created a method that verifies:

    • The user's role

    • Whether the user is the owner of the house

    • That the user is registered (only registered users can create a house)

This approach ensures that only registered users can create a house, and only the admin and house owners have permission to modify or delete a house. Below is the screenshot of the method.
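The decision the method above makes, written out as an added example in plain Ruby (my code, not the post's controller) so it runs without Rails. It assumes a `User` with a `role` string where `"admin"` is the privileged value and a `House` that stores its owner's id in `user_id`; in the app the same check would run as a `before_action` and the raised error would be mapped to a 403. The policy is deny-by-default: an unknown action or an anonymous user is refused rather than falling through.

```ruby
# Assumed shapes of the two entities (the real app uses ActiveRecord models).
User = Struct.new(:id, :role)
House = Struct.new(:id, :user_id)

class NotAuthorized < StandardError; end

# Pure decision function: who may do what to a house.
#  - create:           any registered (non-nil) user
#  - update / destroy: the admin, or the house's owner
#  - anything else:    denied
def permitted?(current_user, action, house = nil)
  return false if current_user.nil?
  case action
  when :create
    true
  when :update, :destroy
    return false if house.nil?
    current_user.role == "admin" || house.user_id == current_user.id
  else
    false
  end
end

# Controller-side guard: raise so the request is rejected before the action
# body runs. Returns true on success so callers can chain it in a before_action.
def authorize!(current_user, action, house = nil)
  unless permitted?(current_user, action, house)
    raise NotAuthorized, "#{action} on house not permitted"
  end
  true
end

# Walk through the cases the post lists with constructed users and one house.
def demo_policy
  admin = User.new(1, "admin")
  alice = User.new(2, "user")
  bob   = User.new(3, "user")
  house = House.new(10, alice.id)
  [[nil, :create, nil], [bob, :create, nil], [alice, :update, house],
   [bob, :update, house], [admin, :destroy, house]].each do |user, action, h|
    who = user ? "user #{user.id} (#{user.role})" : "anonymous"
    puts "#{who} #{action}: #{permitted?(user, action, h) ? "allowed" : "denied"}"
  end
end

demo_policy if __FILE__ == $PROGRAM_NAME
```

Keeping the decision in a side-effect-free `permitted?` and the raise in `authorize!` makes the policy easy to unit-test with RSpec (each row of the table above is one example) and keeps the ownership comparison on ids rather than on anything the client can send in the request body.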

In addition to the above security measures:

  • I incorporated Active Storage to support uploading images and videos for the house entity, as well as avatars for the user entity. I wrote an article on how to implement Active Storage in an application; here is the link.

  • I converted the API response format to the json_api standard. This format offers a straightforward and user-friendly approach to working with APIs.

  • Lastly, I wrote tests for the controllers and models, using RSpec to write the tests and Faker to generate fake data.

Challenges faced

  • I encountered some challenges, particularly in converting the API format to json_api. However, I managed to overcome these difficulties with the help of a video tutorial that provided valuable insights and solutions.

For the next milestone, I will reveal the UX design I will be using in the front end of the application. Stay tuned!!