Open matiasgali opened 8 years ago
At plain sight I'd say that Pundit is much more verbose and less modular; it spreads out setting and checking permissions between policies and controller actions, whereas Action Access uses small declarative authorization statements right in the controller. By having everything related to a controller within the controller you get its logic at a glance, and it avoids the possibility of leaving stale code after refactoring.
After gem setup, the following two examples do exactly the same: allow admin users to edit posts.
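```ruby
# Pundit: the rule lives in a policy class...
class PostPolicy
  attr_reader :user, :post

  # Pundit instantiates a policy with the current user and the record.
  def initialize(user, post)
    @user = user
    @post = post
  end

  def update?
    user.admin?
  end
end

# ...and the check is made explicitly inside the controller action.
class PostsController < ApplicationController
  def update
    @post = Post.find(params[:id])
    authorize @post
    # ...
  end
end
```

```ruby
# Action Access: the rule is declared in the controller itself.
class PostsController < ApplicationController
  let :admins, :update

  def update
    # ...
  end
end
```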
Utilities for fine-grained control and helpers come out of the box too; please take a quick look at the readme.
Action Access is a very lightweight access control system for Rails that works at controller level focusing on what actions are accessible for the current user instead of messing with models and their attributes. It has a really clear DSL including utilities for thorough control and some useful view helpers.
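
The stale-code concern raised in the comment above can be checked mechanically when rules live in a policy class separate from the controller. The following is an added example, not code from the comment or from either gem: it is plain Ruby (no Rails or Pundit needed), and the classes `DemoPostPolicy` and `DemoPostsController` and the helper `policy_drift` are constructed for illustration.

```ruby
# Constructed stand-ins for a Pundit-style policy and its controller.
class DemoPostPolicy
  attr_reader :user, :post

  def initialize(user, post)
    @user = user
    @post = post
  end

  def update?
    user.admin?
  end

  # Left behind after the controller's destroy action was removed.
  def destroy?
    user.admin?
  end
end

class DemoPostsController
  def show; end    # has no matching policy predicate
  def update; end
end

# Hypothetical helper: compare policy predicates ("update?") with the
# controller's public actions. Returns predicates whose action no longer
# exists and actions that have no predicate in the policy.
def policy_drift(policy_class, controller_class)
  predicates = policy_class.public_instance_methods(false)
                           .map(&:to_s)
                           .select { |m| m.end_with?("?") }
                           .map { |m| m.delete_suffix("?") }
  actions = controller_class.public_instance_methods(false).map(&:to_s)
  {
    stale_predicates: (predicates - actions).sort,
    uncovered_actions: (actions - predicates).sort
  }
end

# Print the report when the file is run directly.
p policy_drift(DemoPostPolicy, DemoPostsController) if __FILE__ == $PROGRAM_NAME
```
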