varvet/pundit

Features

• Ruby Authorization Frameworks - An authorization library that enforces permissions through plain Ruby policy objects.
• Authorization Coverage Guards - Provides a development-only guard that raises an error if an action runs without authorization.
• Authorization Scope Classes - Restricts database queries to authorized records using policy-defined scope classes.
• Authorization Query Scopes - Limits database query results to records the current user is permitted to see.
• Policy-Defined Query Scopes - Filters database queries through policy-defined scope classes to restrict results to authorized records.
• Authorization Policies - Encapsulates authorization logic in plain Ruby policy objects with query methods for actions.
• Controller Action Authorization - Authorizes controller actions by inferring policy classes and calling the matching query method.
• Policy-Based Access Control - Maps controller actions to policy classes and query methods for permission checks.
• Authorization Coverage Auditing - Raises an exception in development if a controller action runs without an authorization check.
• Authorization Exception Flows - Raises custom exceptions on denied permissions that can be rescued for user-friendly responses.
• Controller Action Resolution - Maps controller action names to policy methods for automatic permission checking.
• Customizable User Resolution - Enables customization of the user lookup method for authorization checks.
• Customizable User Lookups - Overrides the default user lookup so authorization uses a different method or object.
• Policy Permission Specs - Provides expressive test specs for validating which roles are allowed or denied specific actions.
• Authorization Exception Rescue - Catches denied-permission exceptions to redirect users with custom messages or error pages.
• Namespace Grouping - Groups policies under module prefixes to separate authorization rules for different contexts.

Star history