A small authorization library, inspired by Pundit, but built for scopes
15-Aug-2019 1492
Moat is a minimalist authorization library for Ruby web applications. It is inspired by Pundit.Moat vs. Pundit: What's the difference?They are similar libraries, with an important distinction: Pundit is centered around authorizing individual resources, while Moat encourages filtering collections instead. The reasons for this are described below.Moat vs. Pundit: PerformanceIf you are working with a collection (index actions, bulk actions, nested attributes, etc.), authorizing one object at a time can easily lead to N 1 performance problems. Pundit does have scopes, but only one per policy. This is not sufficient for authorizing multiple types of actions that involve collections.Moat vs. Pundit: SecurityUsing scopes allows authorization to be applied before the sensitive data is loaded from the database. This is consistent with the Brakeman recommendation to not use an Unscoped Find, also known as Direct Object Reference.
A small authorization library, inspired by Pundit, but built for scopes #ruby #rubydeveloper #rubyonrails #small #authorization #library, #inspired #Pundit, #built #scopes #authorization #library, https://rubyonrails.ba/link/a-small-authorization-library-inspired-by-pundit-but-built-for-scopes