Adding Authorization to Sinatra with Pundit

Sample App

  • /posts/:id: renders a page for reading the post
  • /posts/:id/edit: renders a form for editing a post

About Pundit

  1. Policies are named after the model they grant or deny permission to, with a suffix of Policy. In our application, the policy for the Post model is named PostPolicy.
  2. Each policy must have an initializer that accepts the current user and the record you want to restrict access to, in that order (initialize(user, record)).
  3. Policies implement a predicate method, returning true or false, for each action a user can perform on the record. For instance, to check permission to edit a post, PostPolicy should implement an #edit? method; when authorize(post, :edit?) is called and that method returns false, Pundit raises Pundit::NotAuthorizedError.

Adding Pundit to Sinatra

# Gemfile
gem 'pundit'
# Terminal
bundle install
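To make the three conventions above concrete, here is a PostPolicy for the sample app's two routes, written as an added example rather than code from the original post. It runs without the pundit or sinatra gems: the User and Post structs are assumed model shapes, and the NotAuthorized class, the authorize method and the edit_route method are hypothetical stand-ins that mimic what Pundit's authorize helper and a Sinatra route would do. In the real app you would require 'pundit', include Pundit::Authorization (plain Pundit in older releases) in the Sinatra application, and define current_user, which Pundit's pundit_user hook reads by default.

```ruby
# Added example, not from the original post. Runs with plain Ruby.

# Assumed model shapes for the sample app.
User = Struct.new(:id, :admin)
Post = Struct.new(:id, :author_id, :published)

# Convention 1: the policy for Post is named PostPolicy.
class PostPolicy
  attr_reader :user, :post

  # Convention 2: the initializer takes the user and the record being protected.
  def initialize(user, post)
    @user = user
    @post = post
  end

  # Convention 3: one predicate per action.
  # /posts/:id -- anyone may read a published post; drafts are owner/admin only.
  def show?
    post.published || owner_or_admin?
  end

  # /posts/:id/edit -- only the author or an admin may edit.
  def edit?
    owner_or_admin?
  end

  def update?
    edit?
  end

  private

  # Anonymous visitors (user == nil) never own anything; fail closed.
  def owner_or_admin?
    return false if user.nil?
    user.admin || post.author_id == user.id
  end
end

# Hypothetical stand-in for Pundit::NotAuthorizedError.
class NotAuthorized < StandardError; end

# Hypothetical stand-in for Pundit's authorize: looks up "<ClassName>Policy",
# builds it with (user, record), calls "<action>?" and raises on false.
def authorize(user, record, action)
  policy = Object.const_get("#{record.class.name}Policy").new(user, record)
  allowed = policy.public_send(:"#{action}?")
  raise NotAuthorized, "not allowed to #{action} #{record.class.name} #{record.id}" unless allowed
  true
end

# What the GET /posts/:id/edit route should do: authorize before rendering,
# and answer 403 instead of leaking the form. Returns [status, body] so the
# outcome can be checked without a web server.
def edit_route(current_user, post)
  authorize(current_user, post, :edit)
  [200, "edit form for post #{post.id}"]
rescue NotAuthorized => e
  [403, e.message]
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(1, false)
  bob   = User.new(2, false)
  draft = Post.new(10, 1, false)
  p edit_route(alice, draft)   # author: 200
  p edit_route(bob, draft)     # someone else: 403
  p edit_route(nil, draft)     # anonymous: 403
end
```

The point to keep in mind when wiring this into Sinatra: authorize must run inside every route that touches a Post, not just the edit form, and the policy should fail closed for a nil user so an unauthenticated request can never satisfy the ownership check.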

Wrapping Up
