Security & Policies

Thursday, May 21st, 2015
By Louis Bacon

With a brief to restrict specific users' access to resources from our API based on access_tokens, we have recently begun using policies, which are native to the pundit gem.

“Pundit provides a set of helpers which guide you in leveraging regular Ruby classes and object oriented design patterns to build a simple, robust and scalable authorization system”

A nice feature of pundit is its use of scopes. Let's look at the scope for article resources.

You can see we scope these resources to either all, branch-specific, or none depending on the user's permissions. Here is the controller action.

This pulls the correct records and serializes them. You will note the added PaginationSerializer, which is discussed in another article.
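As an added illustration of the scope and controller action described above (this is not the post's own code, which is not reproduced here), a Pundit-style policy scope in plain Ruby that resolves to all, branch-specific, or no article records depending on the user's role, with a small stand-in for the ActiveRecord relation so it runs without Rails or the pundit gem. The Article and User structs, the role names, the branch_id attribute and the articles_for helper are assumptions.

```ruby
# Added example (not the post's code): a Pundit-style policy scope in plain Ruby.
# Article, User, ArticleRelation, the role names and articles_for are assumed stand-ins.
Article = Struct.new(:id, :branch_id, :title)
User    = Struct.new(:role, :branch_id) # role: :admin, :manager or anything else

# Minimal stand-in for an ActiveRecord relation so the scope can call all/where/none.
class ArticleRelation
  def initialize(records); @records = records; end
  def all;  self; end
  def none; ArticleRelation.new([]); end
  def where(branch_id:); ArticleRelation.new(@records.select { |a| a.branch_id == branch_id }); end
  def to_a; @records.dup; end
end

# Pundit resolves `policy_scope(Article)` to ArticlePolicy::Scope.new(user, Article).resolve.
class ArticlePolicy
  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user  = user
      @scope = scope
    end

    # Default deny: any role not explicitly listed, including a missing user when
    # no valid access_token was presented, resolves to no records rather than all.
    def resolve
      case user&.role
      when :admin   then scope.all
      when :manager then scope.where(branch_id: user.branch_id)
      else               scope.none
      end
    end
  end
end

# Constructed sample data standing in for the articles table.
ARTICLES = ArticleRelation.new([
  Article.new(1, 1, 'Branch one news'),
  Article.new(2, 1, 'Branch one update'),
  Article.new(3, 2, 'Branch two news')
])

# What the controller action does before serialization: pull the scoped records.
def articles_for(user)
  ArticlePolicy::Scope.new(user, ARTICLES).resolve.to_a
end
```

In a Rails controller the `articles_for` call collapses to Pundit's `policy_scope(Article)`, whose result is then handed to the serializer; the important property is that an unrecognised role or absent user falls through to `scope.none`.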