pundit - ruby on rails police department
PUNDIT
Ruby on Rails Police Department
Piotr Kochowicz
AGENDA
Motivation
Gem overview
Use cases
MOTIVATION
Peer discussion
Project experience
Curiosity
PUNDIT history
created by ELABS
alternative for CanCan
based on objectify
PUNDIT
simple
object oriented
flexible
isolated
APPLICATION POLICY
Base class for policies
Defines default policy behaviour
POLICY
Defined for an object
Accesses a user and an object
Contains Scope class and authorization methods
Inherits from ApplicationPolicy
APPLICATION CONTROLLER
Ensures policies are used
Handles authorization exception
Additional exception info
exception.policy
exception.query
exception.record
CONTROLLER
Uses policy for scoping
Authorizes object
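An added example, not taken from the slides or from the Pundit project: a plain-Ruby sketch of the pieces listed above, with a base policy that here denies everything by default, an object policy with a Scope class, and an authorization error exposing query, record and policy. User, Post, the in-memory array used as the scope, the NotAuthorizedError stand-in and the authorize! helper are assumptions made so that it runs without Rails or the gem.

```ruby
# Plain-Ruby sketch of the policy pattern; no Rails or pundit gem required.
# User, Post and authorize! are constructed stand-ins for this example.
User = Struct.new(:id, :admin)
Post = Struct.new(:id, :author_id, :published)

# Stand-in for the authorization exception, carrying query, record and policy.
class NotAuthorizedError < StandardError
  attr_reader :query, :record, :policy
  def initialize(query:, record:, policy:)
    @query, @record, @policy = query, record, policy
    super("not allowed to #{query} this #{record.class}")
  end
end

# Base class: every action is denied unless a subclass allows it.
class ApplicationPolicy
  attr_reader :user, :record
  def initialize(user, record)
    @user, @record = user, record
  end

  def show?;   false; end
  def update?; false; end
  class Scope
    def initialize(user, scope)
      @user, @scope = user, scope
    end
    def resolve; []; end # default scope exposes nothing
  end
end

class PostPolicy < ApplicationPolicy
  def show?;   record.published || update?; end
  def update?; !user.nil? && (user.admin || record.author_id == user.id); end

  class Scope < ApplicationPolicy::Scope
    def resolve # an Array stands in for a database relation here
      @scope.select { |post| PostPolicy.new(@user, post).show? }
    end
  end
end

# Hypothetical helper playing the role of the controller's authorize call.
def authorize!(user, record, query)
  policy = PostPolicy.new(user, record)
  return record if policy.public_send(query)
  raise NotAuthorizedError.new(query: query, record: record, policy: policy)
end
```

Because the base class returns false and an empty scope, an action or listing that a subclass forgets to define fails closed rather than open.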
RSPEC
RSPEC simple
http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/
OTHER FEATURES
Using policy in a view
Strong parameters
Custom user
Custom policy class
OTHER FEATURES
Policy without object
Alias method
DISCUSSION
Best use cases
Where does it create overhead?
Thank you
Piotr Kochowicz
Reference:
https://github.com/elabs/pundit
http://www.elabs.se/blog/52-simple-authorization-in-ruby-on-rails-apps
http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/
http://www.sitepoint.com/straightforward-rails-authorization-with-pundit/
https://github.com/FetLife/objectify
http://www.slideshare.net/BruceWhite3/pundit-37048056 by Bruce White
http://slides.com/maciekbrodecki/prezpundit#/ by Maciej Brodecki