policies

Pundit provides simple, object-oriented authorization. Policies encapsulate authorization rules in plain Ruby classes. Each model gets a policy class defining who can perform actions. I use Pundit for fine-grained permissions—different users see diffe

Policies organize authorization logic around models, keeping permission checks clean and reusable. Each policy method corresponds to an action—view, create, update, delete. I call policies via the Gate facade or authorize() helper in controllers. The