Home
PunditRoles is a helper gem which works on top of Pundit (if you are not familiar with Pundit, it is recommended you read it's documentation before continuing). It allows you to extend Pundit's authorization system to include attributes and associations, and provides a couple of helpers for convenience.
If you are already using Pundit, this should not conflict with any of Pundit's existing functionality. You may use Pundit's features as well as the features from this gem interchangeably. There are some caveats however, see the Porting over from Pundit.
Please note that this gem is not affiliated with Pundit or it's creators, but it very much appreciates the work that they did with their great authorization system.
Add this line to your application's Gemfile:
gem 'pundit_roles'
Add PunditRoles to your ApplicationController(Pundit is included in PunditRoles, so no need to add both)
class ApplicationController < ActionController::Base
include PunditRoles
end
And inherit your ApplicationPolicy from Policy::Base
class ApplicationPolicy < Policy::Base
end
- The basics
- Defining roles
- Declaring attributes and associations
- The Guest role
- Defining scopes for roles
- Authorizing associations
- Strong Parameters
- Helper methods
If you're already using Pundit, this gem should not conflict with any existing functionality. However, there are a couple of things to watch out for:
- PunditRoles uses
@resouce
instead of@record
in the Policy. This change was made, to reflect the fact that the Policy can have scopes as well as records passed to it. - PunditRoles uses the bang methods
authorize!
andpolicy_scope!
, instead ofauthorize
andpolicy_scope
. - PunditRoles does not use the
Scope
class of Pundit, but it is included inPolicy::Base
so you may use that as well, if you so choose.