Connect With Us

Fun with ACL in Rails

By on Oct, 16, 2016 in

After an android app using Ruboto, I knew implementing ACL(Access Control List) would be the next fun project. Imaging, planing whole bunch access levels, and controlling the access. The superior person would be able to add, view and modify any thing, but the inferior one has only a limited view. Well, I first designed the proposal, with diagrams of hierarchy of access levels and permitted actions, and the usual Use Cases and Activity diagrams. I enjoyed creating diagrams through Xmind and Umbrello. And then added some visual effects using Inkscape.

My proposed solution was simple, four levels of access, adhering to KISS principle as much as possible. The access level were, one to the vendor, then admin of each company(client) followed by project leads and project members. The permitted actions are exactly the ones you imagined. However, I also included an alternate solution, with an extra feature creating template roles. The use case actors were based on the persona of Software Architects, Solution Architects, Qas. Analyzing and comparing, many factors, the simpler one won.

Starting on implementing, I did'nt touch the code for next day. Instead, I researched on the right gem. By noon, I narrowed down the gems to

Acl9:

It is highly configurable. One can dynamically grant authorization at the object level.

CanCanCan:

It is simple to implement, and ease to use.

Pundit:

Pundit is not limited to ActiveRecord or even an ActiveModel object.

Though, acl9 felt the right tool for my toolbox, it was not. It's not just about ease of user, readability, write-ability, or time/space cost of code, but amount of time to develop the solution as well. The system was already using Devise for authentication, which acl9 was not compatible with. So, despite CanCanCan simplicity, pundit was chosen for it feature of scope.

Following the TDD pattern, where you write the spec followed by its solution, there were about a hundred criteria, that I needed include. In this project, a major obstable I faced was, writing specs. The github site of pundit did not have instructions on writing specs for scoping. It might have been end of hope, if I didn't find this only site with just the thing I need http://netzfisch.github.io/ruby/2014/06/26/pundit-rails-authorisation-with-rspec.html

Writing specs for Pundit was fun, but I tried covering the specs with least examples possible. By the time, the implementation of policy was complete, there were exactly 99 spec examples just for the policy.

5 minutes presentation On Pundit

 

Share This:

Comments


Add a new comment

Latest Posts


Design Sprint By Neha Suwal on Aug, 14, 2017

3 years of helping startups and entrepreneurs with technology By Neha Suwal on Aug, 04, 2017

Digital Marketing for Startups By Neha Suwal on Jun, 30, 2017

Jyaasa in Prestige Talks By Neha Suwal on Jun, 16, 2017

Helping digital era entrepreneurs: How Jyaasa helped create a tech startup success story in Sydney. By Kapil Raj Nakhwa on May, 29, 2017