A comprehensive Rails authorization module presented at Kaigi on Rails 2025. Features practical examples of policy-based access control, role management, and permission handling patterns for modern Rails applications.
https://kaigionrails.org/2025/talks/naro143/#day2
Authorization consists of target, action, role, and condition. By separating these components, we achieve simple and flexible permission management.
project = Project.find(1)
readable_project = Policy.authorize(current_user, project, :read)

projects = Project.all
readable_projects = Policy.authorize_scope(current_user, projects, :read)

Policy.permissions(current_user)
# => JSON
# {
#   "project": {
#     "read": true,
#     "create": false,
#     "update": false,
#     "delete": false
#   }
# }
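
A minimal plain-Ruby sketch of the target/action/role/condition split described above, added here as an illustration and not the module's own code. The `SketchPolicy` name, the roles, the rule table and the raise-on-deny behaviour are all assumptions.

```ruby
# Added sketch, not the module's real implementation. Roles, conditions and
# the raise-on-deny behaviour are assumptions made for illustration.
module SketchPolicy
  class NotAuthorized < StandardError; end

  # Conditions: predicates evaluated against one concrete record.
  ALWAYS    = ->(_user, _record) { true }
  OWNER     = ->(user, record) { record.owner_id == user.id }
  PUBLISHED = ->(_user, record) { record.published }

  # target => action => role => condition. Anything not listed is denied.
  RULES = {
    project: {
      read:   { admin: ALWAYS, editor: ALWAYS, viewer: PUBLISHED },
      create: { admin: ALWAYS, editor: ALWAYS },
      update: { admin: ALWAYS, editor: OWNER },
      delete: { admin: ALWAYS }
    }
  }.freeze

  module_function

  def allowed?(user, target, action, record = nil)
    condition = RULES.dig(target, action, user.role)
    return false if condition.nil? # deny by default: no rule, no access
    # Without a record only the role-level rule can be answered.
    record.nil? || condition.call(user, record)
  end

  # Returns the record when permitted, raises otherwise (fails closed).
  def authorize(user, record, action)
    return record if allowed?(user, record.target, action, record)
    raise NotAuthorized, "#{user.role} may not #{action} #{record.target}"
  end

  # Filters a collection down to the records the user may act on.
  def authorize_scope(user, records, action)
    records.select { |r| allowed?(user, r.target, action, r) }
  end

  # Role-level summary for a UI; per-record conditions are still enforced
  # by authorize / authorize_scope on the server.
  def permissions(user)
    RULES.to_h { |t, acts| [t, acts.keys.to_h { |a| [a, allowed?(user, t, a)] }] }
  end
end

# Constructed sample types standing in for ActiveRecord models.
User    = Struct.new(:id, :role)
Project = Struct.new(:id, :owner_id, :published) { def target; :project; end }
```

In this sketch a role that appears nowhere in the rule table is denied every action, so adding a new role grants nothing until a rule is written for it.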