Action Policy

Today I’m “celebrating” the anniversary of my life with GraphQL in production Rails apps—1 year full of trials and errors, misses and hits, wtf-s and successes.

The commit

As an open source addict, I especially loved working with GraphQL: it’s a rather young technology, and hence there is a lot of opportunities for contributions (at least, in Ruby world) and experiments.

And now I’m presenting the result of one such experiment—the action_policy-graphql gem, which glues together GraphQL Ruby and Action Policy authorization library.

Wait, Action Policy, was ist das*?

* “what is it” in German (I’m listening to Rammstein while writing this post 🎸)

About the same time as I’ve started working with GraphQL, I’ve presented a new Ruby authorization library, Action Policy, to the world (at RailsConf 2018).

Action Policy has been extracted from multiple projects I’ve been working on in the last few years. It’s ideologically similar to Pundit (and initially was built on top of it) but provides a bunch of additional features out-of-the-box (and has a very different architecture inside).

One of these features is an ability to provide an additional context on why the authorization check failed—failure reasons tracking.

This feature has been a dark horse for a long time, we barely used it (mostly for debugging purposes) until we started working with GraphQL—that’s when the ugly duckling turned into a beautiful swan.


In the same orbit

Explore more OSS projects

Contact us

We’d love to hear from you! We’re not really all that evil, and we love discussing potential projects, intriguing ideas, and new opportunities. Complete the form below or drop us a line at

Martians at a glance
years in business

A product development consultancy that works with startups and established businesses, while also creating open source-based products and services