authorization

Authorization filters often become string-SQL soup. Use Arel to build composable scopes that are still readable and safe. This snippet shows a “visible_to(member)” scope with a join and a condition that can evolve without turning into interpolated SQL

Authorization libraries are great, but you can also build a lightweight policy scope. The key is to keep it composable: a single public method that returns an ActiveRecord::Relation and nothing else.