Daniel

Thanks Chris, this is really helpful

You can use a gem like cancancan to manage what your different user types can see and do

I'm building a blogging application at the moment and I am wondering what the best way to allow users to embed youtube/spotify/soundcloud content into the blog posts. From what I understand simply wrapping the post in html_safe could leave the site open to attacks if someone with not the best intentions gets login credentials.

The other option I thought of was letting users paste the urls (youtube.com/watch....) and generating the embed code by parsing the video id from the url. This seems like a lot of work to implement for each website and I'd rather not go messing around with regexes. I guess this is a common feature for sites and I was wondering what the standard way of doing this is.