Authzed Ruby Client
This repository houses the official Ruby client library for Authzed and SpiceDB.
SpiceDB is a database system for managing security-critical permissions checking.
SpiceDB acts as a centralized service that stores authorization data. Once stored, data can be performantly queried to answer questions such as "Does this user have access to this resource?" and "What are all the resources this user has access to?".
Authzed operates the globally available, serverless database platform for SpiceDB.
Supported client API versions:
See CONTRIBUTING.md for instructions on how to contribute and perform common tasks like building the project and running tests.
We highly recommend following the Protecting Your First App guide to learn the latest best practice to integrate an application with Authzed.
If you're interested in example uses of the API, see the spec files in the spec directory.
This project is packaged as the gem
authzed on Ruby Gems.
The command to install the library is:
gem install authzed
Initializing a client
require 'authzed' client = Authzed::Api::V1::Client.new( target: "localhost:50051", credentials: :this_channel_is_insecure, interceptors: [Authzed::GrpcUtil::BearerToken.new(token: "somerandomkeyhere")], )
Performing an API call
require 'authzed' # Is Emilia in the set of users that can read post #1? resp = client.permissions_service.check_permission( Authzed::Api::V1::CheckPermissionRequest.new( consistency: Authzed::Api::V1::Consistency.new( at_least_as_fresh: Authzed::Api::V1::ZedToken.new(token: zed_token) ), resource: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/post', object_id: '1'), permission: 'read', subject: Authzed::Api::V1::SubjectReference.new( object: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/user', object_id: 'emilia') ) ) ) can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship) == Authzed::Api::V1::CheckPermissionResponse::Permissionship::PERMISSIONSHIP_HAS_PERMISSION