Add Action Access authorization gem.

[matiasgali]

Action Access is a very lightweight access control system for Rails that works at controller level focusing on what actions are accessible for the current user instead of messing with models and their attributes. It has a really clear DSL including utilities for thorough control and some useful view helpers.

[hothero]

Could you describe the main difference of action_access and pundit?

[matiasgali]

At plain sight I'd say that Pundit it's much more verbose and less modular, it spreads out setting and checking permissions between policies and controller actions whereas Action Access uses small declarative authorization statements right in the controller. By having everything related to a controller within the controller you get it's logic at a glimpse and it avoids the possibility of leaving stale code after refactoring.

After gem set up the following two examples do exactly the same, allow admin users to edit posts.

Pundit

class PostPolicy
  attr_reader :user

  def initialize(user)
    @user = user
  end

  def update?
    user.admin?
  end
end

class PostsController < ApplicationController
  def update
    @post = Post.find(params[:id])
    authorize @post
    # ...
  end
end

Action Access

class PostsController < ApplicationController
  let :admins, :update

  def update
    # ...
  end
end

Utilities for fine grained control and helpers come out of the box too, please take a quick look at the readme.