{"id":13483077,"url":"https://github.com/palkan/action_policy","last_synced_at":"2025-05-13T00:13:40.081Z","repository":{"id":31886573,"uuid":"127313360","full_name":"palkan/action_policy","owner":"palkan","description":"Authorization framework for Ruby/Rails applications","archived":false,"fork":false,"pushed_at":"2025-05-09T18:06:38.000Z","size":1517,"stargazers_count":1458,"open_issues_count":1,"forks_count":93,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-05-09T18:17:13.417Z","etag":null,"topics":["authorization","hacktoberfest","rails","ruby"],"latest_commit_sha":null,"homepage":"https://actionpolicy.evilmartians.io","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/palkan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"palkan"}},"created_at":"2018-03-29T15:46:19.000Z","updated_at":"2025-05-09T18:06:32.000Z","dependencies_parsed_at":"2024-09-13T11:12:38.487Z","dependency_job_id":"782e1f13-3dbc-4877-93f2-7f71ca776cb5","html_url":"https://github.com/palkan/action_policy","commit_stats":{"total_commits":449,"total_committers":50,"mean_commits":8.98,"dds":0.3184855233853007,"last_synced_commit":"58452cf563dbaffd8252b9397a79ca7cb0343851"},"previous_names":[],"tags_count":42,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/palkan%2Faction_policy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/palkan","download_url":"https://codeload.github.com/palkan/action_policy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253843225,"owners_count":21972874,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","hacktoberfest","rails","ruby"],"created_at":"2024-07-31T17:01:08.056Z","updated_at":"2025-05-13T00:13:40.034Z","avatar_url":"https://github.com/palkan.png","language":"Ruby","readme":"[![Gem Version](https://badge.fury.io/rb/action_policy.svg)](https://badge.fury.io/rb/action_policy)\n![Build](https://github.com/palkan/action_policy/workflows/Build/badge.svg)\n![JRuby Build](https://github.com/palkan/action_policy/workflows/JRuby%20Build/badge.svg)\n[![Documentation](https://img.shields.io/badge/docs-link-brightgreen.svg)](https://actionpolicy.evilmartians.io)\n[![Coverage Status](https://coveralls.io/repos/github/palkan/action_policy/badge.svg)](https://coveralls.io/github/palkan/action_policy)\n\n# Action Policy\n\n\u003cimg align=\"right\" height=\"150\" width=\"129\"\n     title=\"Action Policy logo\" src=\"./docs/assets/images/logo.svg\"\u003e\n\nAuthorization framework for Ruby and Rails applications.\n\nComposable. Extensible. Performant.\n\n📑 [Documentation](https://actionpolicy.evilmartians.io)\n\n\u003ca href=\"https://evilmartians.com/?utm_source=action_policy\"\u003e\n\u003cimg src=\"https://evilmartians.com/badges/sponsored-by-evil-martians.svg\" alt=\"Sponsored by Evil Martians\" width=\"236\" height=\"54\"\u003e\u003c/a\u003e\n\n## Resources\n\n- RubyRussia, 2019 \"Welcome, or access denied?\" talk ([video](https://www.youtube.com/watch?v=y15a2g7v8i0) [RU], [slides](https://speakerdeck.com/palkan/rubyrussia-2019-welcome-or-access-denied))\n\n- Seattle.rb, 2019 \"A Denial!\" talk ([slides](https://speakerdeck.com/palkan/seattle-dot-rb-2019-a-denial))\n\n- RailsConf, 2018 \"Access Denied\" talk ([video](https://www.youtube.com/watch?v=NVwx0DARDis), [slides](https://speakerdeck.com/palkan/railsconf-2018-access-denied-the-missing-guide-to-authorization-in-rails))\n\n## Integrations\n\n- GraphQL Ruby ([`action_policy-graphql`](https://github.com/palkan/action_policy-graphql))\n- Graphiti (JSON:API) ([`action_policy-graphiti`](https://github.com/shrimple-tech/action_policy-graphiti))\n\n## Installation\n\nAdd this line to your application's `Gemfile`:\n\n```ruby\ngem \"action_policy\"\n```\n\nAnd then execute:\n\n```sh\nbundle install\n```\n\n## Usage\n\nAction Policy relies on resource-specific policy classes (just like [Pundit](https://github.com/varvet/pundit)).\n\nFirst, add an application-specific `ApplicationPolicy` with some global configuration to inherit from:\n\n```ruby\nclass ApplicationPolicy \u003c ActionPolicy::Base\nend\n```\n\nThis may be done with `rails generate action_policy:install` generator.\n\nThen write a policy for a resource. For example:\n\n```ruby\nclass PostPolicy \u003c ApplicationPolicy\n  # everyone can see any post\n  def show?\n    true\n  end\n\n  def update?\n    # `user` is a performing subject,\n    # `record` is a target object (post we want to update)\n    user.admin? || (user.id == record.user_id)\n  end\nend\n```\n\nThis may be done with `rails generate action_policy:policy Post` generator.\nYou can also use `rails generate action_policy:policy Post --parent=BasePolicy` to make the generated policy inherits\nfrom `BasePolicy`.\n\nNow you can easily add authorization to your Rails\\* controller:\n\n```ruby\nclass PostsController \u003c ApplicationController\n  def update\n    @post = Post.find(params[:id])\n    authorize! @post\n\n    if @post.update(post_params)\n      redirect_to @post\n    else\n      render :edit\n    end\n  end\nend\n```\n\n\\* See [Non-Rails Usage](docs/non_rails.md) on how to add `authorize!` to any Ruby project.\n\nWhen authorization is successful (i.e., the corresponding rule returns `true`), nothing happens, but in case of authorization failure `ActionPolicy::Unauthorized` error is raised.\n\nThere is also an `allowed_to?` method which returns `true` or `false`, and could be used, in views, for example:\n\n```erb\n\u003c% @posts.each do |post| %\u003e\n  \u003cli\u003e\u003c%= post.title %\u003e\n    \u003c% if allowed_to?(:edit?, post) %\u003e\n      \u003c%= link_to post, \"Edit\"\u003e\n    \u003c% end %\u003e\n  \u003c/li\u003e\n\u003c% end %\u003e\n```\n\nRead more in our [Documentation][].\n\n## Alternatives\n\nThere are [many authorization libraries](https://www.ruby-toolbox.com/categories/rails_authorization) for Ruby/Rails applications.\n\nWhat makes Action Policy different? See [this section](https://actionpolicy.evilmartians.io/#/?id=what-about-the-existing-solutions) in our docs.\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/palkan/action_policy.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).\n\n[Documentation]: http://actionpolicy.evilmartians.io\n","funding_links":["https://github.com/sponsors/palkan"],"categories":["Ruby","Gems","Authorization"],"sub_categories":["Articles"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalkan%2Faction_policy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpalkan%2Faction_policy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpalkan%2Faction_policy/lists"}