Access Denied: the missing guide to authorization in Rails

A presentation at RailsConf in April 2018 in Pittsburgh, PA, USA by Vladimir Dementyev

Rails brings us a lot of useful tools out-of-the-box, but there are missing parts too. For example, for such essential tasks as authorization we are on our own. Even if we choose a trending OSS solution, we still have to care about the way to keep our code maintainable, efficient, and, of course, bug-less.

Working on Rails projects, I’ve noticed some common patterns in designing access systems as well as useful code techniques I’d like to share with you in this talk.

Video

Resources

The following resources were mentioned during the presentation or are useful additional information.

Action Policy

Buzz and feedback

Here’s what was said about this presentation on social media.

New authorization framework for Rails from @palkan_tula: action_policy https://t.co/gq14gBCYeR #railsconf
— Brakeman Pro (@BrakemanPro) April 17, 2018
Loved your talk on policy patterns and nice work on your gem @palkan_tula. Thanks for your contribution
— Andy M (@socalrockr) April 17, 2018
@palkan_tula really enjoyed your talk today, can't wait to try out the framework. P.S. the link on https://t.co/zovd1mfY0r to the project is broken
— Matt DuBois (@mattduboismatt) April 17, 2018

Access Denied: the missing guide to authorization in Rails

Video

Action Policy