Authorization [WIP]

At matestack, we have had good experiences using matestack with Pundit. CanCanCan, another very popular authorization library in Rails, is also supported, as shown below!
Both Pundit and CanCanCan use pure Ruby and focus on the model and controller layer, so they are compatible to matestack's UI library.
Example 1: Pundit
Here we see how Pundit defines policies and we can check for them in the controller action, just before matestack's responder_for!
A Pundit example in app/policies/user_policy.rb:
1
class UserPolicy
2
  attr_reader :user
3
​
4
  def initialize(user)
5
    @user = user
6
  end
7
​
8
  def show?
9
    user.is_visible?
10
  end
11
​
12
end
Copied!
Matestack's app/controllers/user_controller.rb:
1
class UserController < ApplicationController
2
​
3
  matestack_app UserApp
4
​
5
  def show
6
    @user = User.find_by(id: params[:id])
7
    authorize @user # checking Pundit policy
8
    render UserApp::Pages::Show # matestack page responder
9
  end
10
​
11
end
Copied!
Example 2: CanCanCan
Here we see how CanCanCan defines abilities and we can check for them in the controller action, just before matestack's responder_for!
CanCanCan's app/models/ability.rb example, borrowed from their guides:
1
class Ability
2
  include CanCan::Ability
3
​
4
  def initialize(user)
5
    can :read, :all # permissions for every user, even if not logged in    
6
    # [...]
7
  end
8
​
9
end
Copied!
Matestack's app/controllers/user_controller.rb:
1
class UserController < ApplicationController
2
​
3
  matestack_app UserApp
4
​
5
  def show
6
    @user = User.find_by(id: params[:id])
7
    authorize! :read, @user # checking for CanCanCan ability
8
    render UserApp::Pages::Show # matestack page responder
9
  end
10
​
11
end
Copied!

Integrations - Previous

Devise

Next - Integrations

CSS Frameworks [WIP]

Last modified 4mo ago

Copy link

Edit on GitHub

Contents

Example 1: Pundit

Example 2: CanCanCan