Use Pundit for authorization (#720)

nickcharlton · web-flow · commit e383492461c0 · 2025-02-28T10:59:07.000Z
Authorization is the process of ensuring that users have access to the data that only they should access. It's a common flow found in many different Rails applications. Pundit is takes the approach of using regular Ruby classes and OO design which makes it pleasant to use. This recommendation comes after it's been used on many applications, including support included in Administrate. https://github.com/varvet/pundit https://administrate-demo.herokuapp.com/authorization
diff --git a/rails/README.md b/rails/README.md
@@ -54,6 +54,9 @@
 - [Use blocks](/ruby/sample_2.rb#L10) when declaring date and time attributes in
   FactoryBot factories.
 - Use `touch: true` when declaring `belongs_to` relationships.
+- Use [Pundit][] when you need to restrict access to models and data.
+
+[Pundit]: https://github.com/varvet/pundit
 
 ## Translations
 
