2

It seems that Ryan Bates stopped developing CanCan. Rails 4 is not fully supported. And ready4rails4 says that it doesn't work.

Should I replace CanCan with another authorization library?

Regards

carpamon
Alex Antonov
  • He stopped developing it a long time before Rails 4 came out. – sevenseacat Dec 10 '13 at 05:04
  • I know it, so I need to know another library – Alex Antonov Dec 10 '13 at 05:15
  • Always check [The Ruby Toolbox](https://www.ruby-toolbox.com/categories/rails_authorization) for gem alternatives. So ignoring `cancan` which is still the most used gem, we have 3 alternatives. `declarative_authorization` seems really complicated and `rolify` seems to have a ton of issues. I'd go with the simpler, object-oriented `pundit`! – Ashitaka Dec 10 '13 at 13:01
  • 2
    CanCanCan is the continuation. Github: https://github.com/CanCanCommunity/cancancan/blob/develop/README.rdoc – kingsfoil Jul 22 '14 at 15:10

1 Answer

2

I no longer use CanCan in new projects exactly because of the reasons you mentioned: too many open issues and unresolved pull requests.

You may want to have a look at Ryan's "Authorization From Scratch" RailsCasts.

You may also find the following snippets of code useful:

lib/errors/

```ruby
module Errors
  class NotAuthorizedError < StandardError; end
end
```

app/controllers/application_controller.rb

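```ruby
class ApplicationController < ActionController::Base

  # Private so these helpers are never exposed as routable actions.
  private

  # Raises unless the record's policy permits the current action,
  # e.g. the update action calls UserPolicy#update?.
  def authorize(record)
    raise Errors::NotAuthorizedError unless policy(record).public_send(params[:action] + "?")
  end

  # Finds the policy class by naming convention: User -> UserPolicy.
  def policy(record)
    "#{record.class}Policy".constantize.new(current_user, record)
  end
end
```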

app/policies/user_policy.rb

```ruby
class UserPolicy

  attr_reader :user, :current_user

  def initialize(current_user, user)
    @current_user = current_user
    @user = user
  end

  # A user may only update their own record.
  def update?
    user == current_user
  end
end
```

app/controllers/

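```ruby
# Inherits from ApplicationController so that authorize is available.
class UsersController < ApplicationController

  def update
    @user = User.find(params[:id])
    authorize(@user)
    # etc
  end
end
```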

This solution, which I currently use in all my new apps, is based on the following excellent article: http://www.elabs.se/blog/52-simple-authorization-in-ruby-on-rails-apps. It is so simple to implement and test that you can easily adapt it to your application needs.

Good luck replacing CanCan.

carpamon
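The policy-object pattern from the answer above, as an added plain-Ruby example (not code from the answer or the linked article) with deny-by-default dispatch: a missing policy class, a missing rule, or a predicate inherited from `Object` all end in `NotAuthorizedError` instead of a `NameError`/`NoMethodError` or an unintended result. `User`, `Authorization`, `Session` and `attempt` are hypothetical names, and the action is passed explicitly rather than read from `params`.

```ruby
# Added example (plain Ruby, no Rails). User, Authorization, Session and
# attempt are hypothetical names constructed for this sketch.
module Errors
  class NotAuthorizedError < StandardError; end
end

User = Struct.new(:id, :admin) # stand-in for the ActiveRecord model

class UserPolicy
  def initialize(current_user, user)
    @current_user = current_user
    @user = user
  end

  def update?
    @user == @current_user
  end

  def destroy?
    @current_user.admin && @user != @current_user
  end
end

module Authorization
  def policy(record)
    name = "#{record.class}Policy"
    raise Errors::NotAuthorizedError, "no policy for #{record.class}" unless Object.const_defined?(name)
    Object.const_get(name).new(current_user, record)
  end

  def authorize(record, action)
    rule = policy(record)
    predicate = :"#{action}?"
    # Deny by default: only predicates the policy class defines itself count,
    # so a missing rule or an inherited Object method never grants access.
    defined_here = rule.class.public_instance_methods(false).include?(predicate)
    raise Errors::NotAuthorizedError, "#{action} denied" unless defined_here && rule.public_send(predicate)
    record
  end
end

Session = Struct.new(:current_user) { include Authorization }

# Returns :allowed or :denied instead of raising, for easy checking.
def attempt(current_user, record, action)
  Session.new(current_user).authorize(record, action)
  :allowed
rescue Errors::NotAuthorizedError
  :denied
end
```

Because only methods defined directly on the policy class are consulted, rules shared through a base policy class would need to be added to the lookup explicitly.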