12 Gems of Christmas #9 – pundit
When it comes to authorization, Ryan Bates' CanCan gem is the 800 lb gorilla that most Rails apps use. Pundit is the latest gem from Jonas Nicklas (author of Carrierwave and Capybara) with some interesting ideas that you might like. Pundit uses code conventions along with a plain old Ruby API to make for a very simple implementation. First, write a policy for each type of model you wish to authorize:
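    # One policy class per model; Pundit instantiates it with the user and the record.
    class PostPolicy < Struct.new(:user, :post)
      # Admins may always create; everyone else only while the post is unpublished.
      def create?
        user.admin? or not post.published?
      end
    end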
Then in the corresponding controller, use authorize to verify permissions:
    def create
      @post = Post.new(params[:post])
      # Looks up PostPolicy and calls create? with current_user; raises if it returns false.
      authorize @post
      if @post.save
        redirect_to @post
      else
        render :new
      end
    end
Pundit assumes the current user is available via current_user within the controller and passes it to your policy along with the model instance.
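To make the convention concrete, here is an added sketch in plain Ruby that models the lookup described above: the record's class name selects the policy, the controller action name selects the query method, and anything other than an explicit yes is refused. It is not Pundit's source and not code from the original post; MiniAuthorize, FakeController, the error classes and the sample Structs are hypothetical names, and refusing an undefined query method is this sketch's own choice.

```ruby
# Added illustration: a stand-in for the convention the post describes.
# This is NOT Pundit's source; MiniAuthorize and its error classes are hypothetical.
module MiniAuthorize
  class NotAuthorized < StandardError; end
  class PolicyMissing < StandardError; end

  # Resolve "<ModelClass>Policy" by name and ask it "<action>?".
  def authorize(record, query = "#{action_name}?")
    name = "#{record.class}Policy"
    raise PolicyMissing, "no #{name} defined" unless Object.const_defined?(name)
    policy = Object.const_get(name).new(current_user, record)
    # Fail closed: an unknown query or a falsy answer both deny.
    allowed = policy.respond_to?(query) && policy.public_send(query)
    raise NotAuthorized, "#{query} denied on #{record.class}" unless allowed
    true
  end
end

# Constructed sample models (plain Structs standing in for ActiveRecord).
User    = Struct.new(:name, :admin) { def admin?; admin; end }
Post    = Struct.new(:title, :published) { def published?; published; end }
Comment = Struct.new(:body) # deliberately has no policy

# The policy from the post, unchanged.
class PostPolicy < Struct.new(:user, :post)
  def create?
    user.admin? or not post.published?
  end
end

# Minimal controller stand-in exposing what authorize relies on.
class FakeController
  include MiniAuthorize
  attr_reader :current_user, :action_name

  def initialize(user, action)
    @current_user = user
    @action_name = action
  end

  # Returns :ok, or the name of the error that blocked the action.
  def attempt(record)
    authorize(record)
    :ok
  rescue NotAuthorized, PolicyMissing => e
    e.class.name.split("::").last.to_sym
  end
end
```

A model without a policy class (Comment here) is refused rather than silently allowed, which is the behaviour to check for in any convention-based authorization layer.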
There are a few more features to be discovered over on the GitHub README, but the entire library is less than 200 lines of code; it’s beautifully succinct.
Next up, I’ll cover a handy little gem for creating nice PDF files without having to dive into the complexities of the PDF format.