Introducing *Shield* -- Comprehensive security for Lucky framework

cc @konung

I’ve taken a cursory look at LuckyCan, and it should be possible, even easy, to integrate with Shield.

Define your policies as usual with LuckyCan, and in any action, you can do:

```crystal
def authorize? : Bool
  #current_user!.level.admin? || post.user_id == current_user!.id

  # Call the relevant authorization engine's helper here
  # This is for *LuckyCan*, but could be *Praetorian* or similar
  PostPolicy.create?(post, current_user!)
end
```

I should probably add this to the documentation.
