Umpire is a very lightweight authorization lib that uses policy classes to define rules
Add this line to your application's Gemfile:
gem 'umpire'
And then execute:
$ bundle
Or install it yourself as:
$ gem install umpire
Umpire consists of a base policy class that you need to extend and a helper that you can use in your app.
Because it's doesn't depend on rails, you need to include the Umpire helper in your ApplicationHelper
and your ApplicationController or whatever other class you might need to use it in:
include Umpire::AuthHelper
I use that in a rails lib, so by default the lib uses a current_user method to get the subject from,
but if you don't have it - no worries, you can still pas a subject on your own.
Let's make a simple Policy class and use it in a rails view:
class SchoolPolicy < Umpire::Policy
# the only method you need to overwrite
# return all the allowed actions here
# @subject is the subject (current_user) by default
# and the object is @object - in this exapmle it could be a
def rules
allowed = [:go_to_school]
allowed << :take_cs_201 @subject.has_taken(:cs_101)
allowed
end
end
You can now use the policy class with the helper like this:
<%= render partial: 'modules/cs_201' if can? :take_cs_201, using: SchoolPolicy %>
This will check call has_taken(:cs_101) on the result of current_user
Other usage examples:
# with subject
can? User.find(1), :drive, car, using: HighwayCode
# without subject (assumes current_user if available)
can? :drive, car, using: HighwayCode
# multiple policies
can? :park, car, using: [HighwayCode, ParkingRules]
# without object
can? :cook_spaghetti, using: [KitchenPolicy]
# multiple actions
can? [:order, :drink], beer, using: BarPolicy
After checking out the repo, run bundle to install dependencies.
Then, run bundle exec rake rspec to run the tests.
To install this gem onto your local machine, run bundle exec rake install.
Bug reports and pull requests are welcome on GitHub at https://github.com/muxcmux/umpire.
The gem is available as open source under the terms of the MIT License.
FAQs
Unknown package
We found that umpire demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.
Security News
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.
Security News
A clarification on our recent research investigating 60 malicious Ruby gems.