
Fun with ACL in Rails

By on Mar, 18, 2016

After building an Android app using Ruboto, I knew implementing an ACL (Access Control List) would be the next fun project. Imagine planning a whole bunch of access levels and controlling the access: the superior person is able to add, view and modify anything, while the inferior one has only a limited view. Well, I first designed the proposal, with diagrams of the hierarchy of access levels and permitted actions, plus the usual use case and activity diagrams. I enjoyed creating the diagrams with XMind and Umbrello, and then added some visual effects using Inkscape.

My proposed solution was simple: four levels of access, adhering to the KISS principle as much as possible. The access levels were one for the vendor, then an admin for each company (client), followed by project leads and project members. The permitted actions are exactly the ones you would imagine. However, I also included an alternate solution with an extra feature: creating template roles. The use case actors were based on the personas of Software Architects, Solution Architects and QAs. After analyzing and comparing many factors, the simpler one won.

Starting on the implementation, I didn't touch the code for the next day. Instead, I researched the right gem. By noon, I had narrowed down the gems to

It is highly configurable. One can dynamically grant authorization at the object level.

It is simple to implement and easy to use.

Pundit is not limited to ActiveRecord or even an ActiveModel object.

Though acl9 felt like the right tool for my toolbox, it was not. It's not just about ease of use, readability, writability, or the time/space cost of code, but the amount of time needed to develop the solution as well. The system was already using Devise for authentication, which acl9 was not compatible with. So, despite CanCanCan's simplicity, Pundit was chosen for its scope feature.

Following the TDD pattern, where you write the spec followed by its solution, there were about a hundred criteria that I needed to include. In this project, a major obstacle I faced was writing specs. The GitHub site of Pundit did not have instructions on writing specs for scoping. It might have been the end of hope if I hadn't found this one site with just the thing I needed.

Writing specs for Pundit was fun, but I tried covering the specs with the fewest examples possible. By the time the implementation of the policy was complete, there were exactly 99 spec examples just for the policy.
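A policy of the shape described above, with the four access levels and a Scope that reuses the same rule as the per-record check, as an added example that is not the post's own code. It follows Pundit's conventions (a `ProjectPolicy` with `user`/`record`, predicate methods, and a nested `Scope` with `resolve`) but uses plain Ruby structs instead of ActiveRecord so it runs without Rails; the role names, record fields and permitted actions are assumptions.

```ruby
# Added example, not the post's code: a Pundit-style policy for the four access
# levels described above (vendor > company admin > project lead > project member).
# Plain Ruby structs stand in for ActiveRecord; roles, fields and actions are assumed.
User    = Struct.new(:id, :role, :company_id)
Project = Struct.new(:id, :company_id, :lead_id, :member_ids)

class ProjectPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user, @record = user, record
  end

  # Deny by default: an unknown role falls through to false.
  def show?
    case user.role
    when :vendor         then true
    when :company_admin  then same_company?
    when :project_lead   then lead? || member?
    when :project_member then member?
    else false
    end
  end

  def create?
    %i[vendor company_admin].include?(user.role)
  end

  def destroy?
    user.role == :vendor || (user.role == :company_admin && same_company?)
  end

  def update?
    destroy? || lead?
  end

  # policy_scope(Project) in a controller calls Scope.new(user, Project.all).resolve.
  # Reusing show? keeps the index listing and the per-record check from disagreeing.
  Scope = Struct.new(:user, :scope) do
    def resolve
      scope.select { |project| ProjectPolicy.new(user, project).show? }
    end
  end

  private

  def same_company?; record.company_id == user.company_id; end
  def lead?;         record.lead_id == user.id;            end
  def member?;       record.member_ids.include?(user.id);  end
end
```

Against a real ActiveRecord relation the same rule in `resolve` would be expressed as `where` clauses rather than `select`, but the policy's spec can still assert that every record returned by the scope also passes `show?`.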

5-minute presentation on Pundit

