Download
Pundit (varvet/pundit) is a Ruby gem that provides a simple and effective framework for adding authorization logic to Rails (or other Ruby) applications. It centers around policy classes—one policy per model or resource—that define what actions a given user is permitted to perform (e.g., show?, update?, destroy?). Each policy method returns a boolean, and can be structured using combinators or shared logic to keep things DRY. In controllers and views, Pundit provides helpers like authorize, policy_scope, and policy to enforce those rules cleanly and consistently. The policy_scope feature is especially helpful—it restricts index or list queries to only the records the current user can see by applying scopes defined in the policy class. Pundit encourages placing authorization logic close to the model domain without muddling controllers or views, making permissions easier to reason about and testable.
Features
- A Ruby library for authorization in web applications
- Scope objects for limiting which records a user is allowed to see
- Helpers for integrating with controllers, like authorize and policy_scope
- No heavy DSL; very Ruby-ish, minimal overhead, simple, maintainable codebase
- Built-in generator to scaffold initial policy setup in a Rails app
- Works with or without ActiveRecord / Rails models (i.e. can authorize plain objects too)
Project Samples
