  • Stars: 1,324
  • Rank 34,033 (Top 0.7 %)
  • Language: Ruby
  • License: MIT License
  • Created about 6 years ago
  • Updated 21 days ago


Repository Details

Authorization framework for Ruby/Rails applications


Action Policy

Authorization framework for Ruby and Rails applications.

Composable. Extensible. Performant.

📑 Documentation

Sponsored by Evil Martians

Resources

  • RubyRussia, 2019 "Welcome, or access denied?" talk (video [RU], slides)

  • Seattle.rb, 2019 "A Denial!" talk (slides)

  • RailsConf, 2018 "Access Denied" talk (video, slides)

Integrations

Installation

Add this line to your application's Gemfile:

gem "action_policy"

And then execute:

bundle install

Usage

Action Policy relies on resource-specific policy classes (just like Pundit).

First, add an application-specific ApplicationPolicy with some global configuration to inherit from:

class ApplicationPolicy < ActionPolicy::Base
end

This may be done with the rails generate action_policy:install generator.

Then write a policy for a resource. For example:

class PostPolicy < ApplicationPolicy
  # everyone can see any post
  def show?
    true
  end

  def update?
    # `user` is a performing subject,
    # `record` is a target object (post we want to update)
    user.admin? || (user.id == record.user_id)
  end
end

This may be done with the rails generate action_policy:policy Post generator. You can also use rails generate action_policy:policy Post --parent=BasePolicy to make the generated policy inherit from BasePolicy.

Now you can easily add authorization to your Rails* controller:

class PostsController < ApplicationController
  def update
    @post = Post.find(params[:id])
    authorize! @post

    if @post.update(post_params)
      redirect_to @post
    else
      render :edit
    end
  end
end

* See Non-Rails Usage on how to add authorize! to any Ruby project.

When authorization is successful (i.e., the corresponding rule returns true), nothing happens; when authorization fails, an ActionPolicy::Unauthorized error is raised.

There is also an allowed_to? method, which returns true or false and can be used, for example, in views:

<% @posts.each do |post| %>
  <li><%= post.title %>
    <% if allowed_to?(:edit?, post) %>
      <%= link_to "Edit", post %>
    <% end %>
  </li>
<% end %>
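The two call styles described above (a raising check and a boolean check), exercised against the PostPolicy rules from this page for an owner, an admin and an unrelated user. This is an added example, not code from Action Policy: ApplicationPolicy, DemoUnauthorized, the User and Post structs and both helpers are plain-Ruby stand-ins written so the sketch runs without the gem, and denying undefined rules is this sketch's own choice.

```ruby
# Stand-ins so this runs without the gem; they imitate the contract described
# above and are not Action Policy's implementation.
class DemoUnauthorized < StandardError; end

class ApplicationPolicy
  attr_reader :record, :user

  def initialize(record, user:)
    @record = record
    @user = user
  end
end

# Same rules as the PostPolicy shown earlier on this page.
class PostPolicy < ApplicationPolicy
  def show?
    true
  end

  def update?
    user.admin? || (user.id == record.user_id)
  end
end

# Constructed sample models.
User = Struct.new(:id, :admin) do
  def admin?
    admin
  end
end
Post = Struct.new(:id, :user_id)

# Boolean check. A rule PostPolicy does not define is denied (this sketch's
# own fail-closed choice) rather than dispatched to an arbitrary method.
def allowed_to?(rule, record, user:)
  return false unless PostPolicy.public_instance_methods(false).include?(rule)
  PostPolicy.new(record, user: user).public_send(rule) ? true : false
end

# Raising check: silent on success, exception on failure.
def authorize!(record, user:, to:)
  return true if allowed_to?(to, record, user: user)
  raise DemoUnauthorized, "#{to} denied for user id=#{user.id}"
end

# Who may update this post? Returns { label => true/false }.
def update_matrix(post, users)
  users.to_h { |label, user| [label, allowed_to?(:update?, post, user: user)] }
end
```

A matrix like this is a convenient shape for policy tests: one row per role, asserting the denied cases as explicitly as the allowed ones.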

Read more in our Documentation.

Alternatives

There are many authorization libraries for Ruby/Rails applications.

What makes Action Policy different? See this section in our docs.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/palkan/action_policy.

License

The gem is available as open source under the terms of the MIT License.
