4 Repos
Frameworks providing access control logic specifically for the Ruby language ecosystem.
Distinct from Ruby Frameworks: Focuses on the authorization domain for Ruby applications, not general web frameworks or linting tools.
Pundit is an authorization framework for Ruby applications that enforces permissions through plain Ruby policy objects. It maps controller actions to policy methods, automatically inferring which policy class and query method to call based on the action name, and raises a custom exception when access is denied. The framework distinguishes itself by using plain Ruby classes without external DSLs or configuration files, and by providing a development-time verification guard that raises an error if a controller action runs without an authorization call. It also supports namespace-based policy or
An authorization library that enforces permissions through plain Ruby policy objects.
Pundit is a Ruby authorization framework that implements policy-based access control. It maps domain models to dedicated logic classes that determine whether a user is permitted to perform specific actions on data objects. The framework utilizes plain Ruby objects to decouple authorization logic from the model. It includes mechanisms for data query scoping to filter record collections based on user permissions, as well as attribute-level permission control to restrict which specific model fields a user can modify. The system provides tools for authorization coverage verification to ensure se
Provides a complete Ruby-based framework for defining and enforcing access policies on data objects.
CanCanCan is an authorization library for Ruby on Rails that lets developers define user permissions in a single, centralized file using a readable domain-specific language. It enforces those permissions across controllers, views, and database queries, providing a unified approach to access control in Rails applications. The library works by evaluating a prioritized list of rules that combine actions, models, and conditions, supporting aliases, blocks, and conditional logic. It automatically authorizes controller actions through Rails' before_action lifecycle, raising exceptions on unauthoriz
An authorization library for Ruby on Rails that defines permissions in a single file and enforces them across controllers, views, and queries.
Authority is an authorization framework for Ruby on Rails applications that manages user permissions and access control policies. It provides a system for encapsulating complex security logic into dedicated classes, separating these concerns from core business models. The library enforces security rules by intercepting web requests at the controller level and validating actions against defined policies. It utilizes convention-based mapping to automatically associate models with their corresponding authorization classes, supporting both global checks and instance-aware validation for specific
Provides a dedicated authorization framework for managing permissions and access control policies within Ruby on Rails applications.