ActionPolicy::Base is a combination of all available policy extensions with the default configuration.
It looks like this:
class ActionPolicy::Base
include ActionPolicy::Policy::Core
include ActionPolicy::Policy::Authorization
include ActionPolicy::Policy::PreCheck
include ActionPolicy::Policy::Reasons
include ActionPolicy::Policy::Aliases
include ActionPolicy::Policy::Scoping
include ActionPolicy::Policy::Cache
include ActionPolicy::Policy::CachedApply
include ActionPolicy::Policy::Defaults
# Rails-specific scoping extensions
extend ActionPolicy::ScopeMatchers::ActiveRecord
scope_matcher :active_record_relation, ActiveRecord::Relation
extend ActionPolicy::ScopeMatchers::ActionControllerParams
scope_matcher :action_controller_params, ActionController::Parameters
# Active Support notifications
prepend ActionPolicy::Policy::Rails::Instrumentation
# ActionPolicy::Policy::Defaults module adds the following
authorize :user
default_rule :manage?
alias_rule :new?, to: :create?
def index?
false
end
def create?
false
end
def manage?
false
end
endYou can write your ApplicationPolicy from scratch instead of inheriting from ActionPolicy::Base
if the defaults above do not fit your needs. The only required component is ActionPolicy::Policy::Core:
# minimal ApplicationPolicy
class ApplicationPolicy
include ActionPolicy::Policy::Core
endThe Core module provides apply and allowed_to? methods.
NOTE: When using with Rails, custom scope matchers are also registered within the Base class.
If you plan to use them, you need to copy setup code from the corresponding files.