Use Pundit for authorization (#720)
Authorization is the process of ensuring that users have access to the
data that only they should access. It's a common flow found in many
different Rails applications.

Pundit takes the approach of using regular Ruby classes and OO design
which makes it pleasant to use.

This recommendation comes after it's been used on many applications,
including support included in Administrate.

https://github.com/varvet/pundit
https://administrate-demo.herokuapp.com/authorization
nickcharlton authored Feb 28, 2025
1 parent e03da33 commit e383492
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions rails/README.md
Expand Up @@ -54,6 +54,9 @@
- [Use blocks](/ruby/sample_2.rb#L10) when declaring date and time attributes in
FactoryBot factories.
- Use `touch: true` when declaring `belongs_to` relationships.
- Use [Pundit][] when you need to restrict access to models and data.

[Pundit]: https://github.com/varvet/pundit

## Translations

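Review bot: The new Pundit bullet says when to reach for the gem but not what makes the restriction hold, so a reader can add Pundit and still leave actions unguarded. Consider extending the bullet to say that controller actions call `authorize` for individual records and `policy_scope` for collections, and that `verify_authorized` and `verify_policy_scoped` can run as `after_action` checks to catch an action that forgot to. On style, the neighbouring bullet links inline (`[Use blocks](/ruby/sample_2.rb#L10)`) while this one uses a reference-style link with its definition placed directly under the list; use whichever form the rest of the README follows.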