A small authorization library, inspired by Pundit, but built for scopes

15-Aug-2019 1528
Moat is a minimalist authorization library for Ruby web applications. It is inspired by Pundit.

Moat vs. Pundit: What's the difference?

They are similar libraries, with an important distinction: Pundit is centered around authorizing individual resources, while Moat encourages filtering collections instead. The reasons for this are described below.

Moat vs. Pundit: Performance

If you are working with a collection (index actions, bulk actions, nested attributes, etc.), authorizing one object at a time can easily lead to N+1 performance problems. Pundit does have scopes, but only one per policy. This is not sufficient for authorizing multiple types of actions that involve collections.

Moat vs. Pundit: Security

Using scopes allows authorization to be applied before the sensitive data is loaded from the database. This is consistent with the Brakeman recommendation to not use an Unscoped Find, also known as Direct Object Reference.
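
The difference between an unscoped find and a scoped one with a separate filter per action type, as an added example that is not taken from Moat or Pundit. The in-memory `Relation`, the `DocumentPolicy` class with its `read` and `update` filters, and the sample rows are all constructed for illustration and are not either library's API.

```ruby
# Constructed sample rows standing in for a documents table.
Document = Struct.new(:id, :owner_id, :published, :body)
ROWS = [
  Document.new(1, 10, true,  "alice public"),
  Document.new(2, 10, false, "alice draft"),
  Document.new(3, 20, false, "bob draft")
].freeze
class NotFound < StandardError; end

# Minimal relation: conditions accumulate and are applied when rows are
# selected, the way a WHERE clause runs inside the database.
class Relation
  def initialize(rows, conds = [])
    @rows, @conds = rows, conds
  end
  def where(&cond)
    Relation.new(@rows, @conds + [cond])
  end
  def to_a
    @rows.select { |row| @conds.all? { |c| c.call(row) } }
  end
  def find(id)
    where { |row| row.id == id }.to_a.first || raise(NotFound, "document #{id}")
  end
end

# Hypothetical policy with one filter per action type (not a library API).
class DocumentPolicy
  def initialize(user_id, scope)
    @user_id, @scope = user_id, scope
  end
  def read
    @scope.where { |row| row.published || row.owner_id == @user_id }
  end
  def update
    @scope.where { |row| row.owner_id == @user_id }
  end
end

# Unscoped find: the row is loaded for whoever supplies the id.
def unscoped_show(_user_id, id)
  Relation.new(ROWS).find(id).body
end

# Scoped find: a row outside the caller's filter looks like a missing row.
def scoped_find(user_id, action, id)
  DocumentPolicy.new(user_id, Relation.new(ROWS)).public_send(action).find(id).body
rescue NotFound
  nil
end
```

User 10 asking for document 3 gets its body from `unscoped_show` but `nil` from `scoped_find`, and user 20 can read document 1 through the `read` filter but not reach it through `update`.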