
Rails Security: Action Policy & Rabarber

submitted by
Style Pass
2024-09-21 00:30:02

Recently, when I was building Pulse, I wanted an admin dashboard of sorts. I wanted to be able to manually create startups that other users can then claim later; I also wanted to see a list of registered users, some basic stats, etc.

The problem now: I didn’t want every Joe and Jill to access the admin dashboard and do whatever they want simply because they registered an account.

To solve this, I did a deep dive and found solutions like cancan and its derivatives, and a bunch of other gems. However, I wanted a setup that was a bit automatic, one that I could set up once and then use out of the box without writing extra code.

I guess you’re wondering: Gavin, why did you roll your own dashboard when there are dashboard gems out there? Well, I tried, but I found that the amount of customization I’d have to make would require me to write more code than just generating a scaffold_controller in the admin namespace.

I found 2 really good gems for this: ActionPolicy and Rabarber. ActionPolicy allowed me to write policies, and in those policies I then decide whether the user has a certain role before they can perform a given action.
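The pattern described above, sketched as an added example in plain Ruby (not code from the original post, and not the ActionPolicy or Rabarber gems): a deny-by-default policy whose rule methods check the user's role before an action runs. `BasePolicy`, `AdminStartupPolicy`, the `claim?` rule and the sample records are hypothetical stand-ins; `has_role?` mirrors the predicate Rabarber adds to the user model.

```ruby
# Added illustration in plain Ruby; stand-ins only, not the ActionPolicy or Rabarber gems.
class Unauthorized < StandardError; end

# Stand-in user. has_role? mirrors the predicate Rabarber adds to the user model.
User = Struct.new(:name, :roles) do
  def has_role?(*wanted)
    wanted.any? { |role| roles.include?(role) }
  end
end

# Hypothetical record: a startup an admin creates and a user may later claim.
Startup = Struct.new(:name, :owner)

# Deny by default: anonymous users and rules the policy does not define are refused.
class BasePolicy
  attr_reader :user, :record

  def initialize(user, record = nil)
    @user = user
    @record = record
  end

  def allowed?(rule)
    return false if user.nil?
    return false unless self.class.public_instance_methods(false).include?(rule.to_sym)
    public_send(rule) ? true : false
  end

  def authorize!(rule)
    raise Unauthorized, "#{rule} denied for #{user&.name || 'anonymous'}" unless allowed?(rule)
    true
  end
end

# Policy for the admin-namespace startups controller (rule names are assumptions).
class AdminStartupPolicy < BasePolicy
  def index?
    user.has_role?(:admin)
  end

  def create?
    user.has_role?(:admin)
  end

  # Any signed-in user may claim a startup that has no owner yet.
  def claim?
    !record.nil? && record.owner.nil?
  end
end
```

Registering an account grants no role, so every admin rule fails for a plain user, and a rule the policy never defined (such as `destroy?`) is refused even for an admin.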
