Action Policy VS Devise

Action Policy is a flexible, extensible, and performant authorization framework for Ruby and Rails apps. It uses multiple caching strategies out of the box, making it very fast, especially if your authorization rules require database queries.

Action Policy is the latest Authorization framework I've seen recommended. What is more, it is maintained by the nice and experienced team from Evil Martians.

Lots of goodies here, such as token authentication, role- and permission-based authorization (including a move from Pundit to ActionPolicy), and how I test the API end-to-end using *raises flame shield* Cucumber.

Also, ActionPolicy is better than Pundit for most applications. Give it a try.

Use Action Policy or Pundit, and write tests for your policies. Authz is worth testing with near complete coverage.

You may ask what's makes Active Entry better or different from other gems like Pundit, Action Policy (especially), or CanCanCan.

At work, we've recently faced similar issues and moved to ActionPolicy as a result. It's designed slightly differently, but there is a lot of overlap with what John came up with.

Since Rails 7, there's more and more tooling that enables us, developers, to roll our own authentication. Devise is great and has been an amazing companion over the years. It also has this neat little feature - an authenticated route constraint which "hides" certain routes from people that are not signed in.

[changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D

As much as this article is about user authorization, there's something important we need to cover: user authentication. Without it, any authorization policies we try to define later on will be useless. But there is no need to write authentication from scratch. Let's use Devise.

With around 50 new gems released daily, it is common to use trending libraries for managing everyday tasks. You probably use Devise for authentication, Cancan for authorization, Kaminari for pagination, or run tests with Rspec.

Devise is an authentication library built on top of Warden, a Rack-based authentication framework.

devise: An authentication library designed for Rails

I used Devise, this is a Ruby on Rails app

In this article, we will explore how to implement authentication in a Rails 7 application using the popular devise gem. Authentication is a crucial aspect of web development, allowing users to securely access and interact with your application. By following this step-by-step guide, you will learn how to set up devise, configure authentication routes, create user models, and enhance your application with authentication features.