7

When it comes to Authorization/Authentication devise + cancan are usually my gems of choice. After the release of Rails4's strong parameters I've been looking into using the cancan_strong_parameters gem.

I can't shake the feeling that this approach seems a bit 'hacky'. The other options seems to be TheRole gem or simply rolling my own auth from scratch.

Was hoping anyone with first hand experience here could give a few pointers on how they tackled the problem, what problems the faced and where each approach fell short (if anywhere).

I know this isn't a clean cut StackOverflow typed question, but there doesn't seem to be much info regarding this subject when Googling. Thanks.

8bithero
  • 1,474
  • 1
  • 18
  • 23
  • I think (not that I will write a better alternative but still) that this gem is just poorly written. One can make an assumption that strong params "filter" method will be `singular_model_params` and just call it in execution of CanCan (+ add an option to provide different method name) – Mike Szyndel Jul 13 '13 at 13:52

4 Answers4

4

Have you read the discussion in PR 763 "support for strong_parameters"?

In short, until cancan 2 comes out, some people are using Oliver Morgan's fork.

Jared Beck
  • 16,796
  • 9
  • 72
  • 97
  • Thanks for that. Wasn't aware of Oliver Morgan's fork. I'm guessing the correct branch to use would be 'ollym_changes' right? – 8bithero Jul 20 '13 at 14:50
2

There's also the protector gem:

https://github.com/inossidabile/protector

And cancancan:

https://github.com/bryanrite/cancancan

Joshua Muheim
  • 12,617
  • 9
  • 76
  • 152
1

Check out the_role gem which works in Rails 4 and is a CanCan replacement

idrinkpabst
  • 1,838
  • 23
  • 25
1

I'd go with Cancancan based on:

  • It's based on Cancan, the most widely used Authorization Rails library (until Rails 4)
  • It's Rails 4 compatible
  • It has more Commits, Contributors and Releases on Github than other Rails 4 authorization gems (The_Role, Pundit, etc.)
  • It's has more downloads on rubygems.org than The_Role even though it has fewer downloads than Pundit
mpinvidio
  • 489
  • 6
  • 17