CODEWITHSUNDEEP
ruby-on-railscancanruby-on-rails-4rails-authorization
8bithero
8bithero

Reputation: 1609

Rails4 authorization strategies

When it comes to Authorization/Authentication devise + cancan are usually my gems of choice. After the release of Rails4's strong parameters I've been looking into using the cancan_strong_parameters gem.

I can't shake the feeling that this approach seems a bit 'hacky'. The other options seems to be TheRole gem or simply rolling my own auth from scratch.

Was hoping anyone with first hand experience here could give a few pointers on how they tackled the problem, what problems the faced and where each approach fell short (if anywhere).

I know this isn't a clean cut StackOverflow typed question, but there doesn't seem to be much info regarding this subject when Googling. Thanks.

Upvotes: 7

Views: 4120

Answers (4)

mpinvidio
mpinvidio

Reputation: 509

I'd go with Cancancan based on:

  • It's based on Cancan, the most widely used Authorization Rails library (until Rails 4)
  • It's Rails 4 compatible
  • It has more Commits, Contributors and Releases on Github than other Rails 4 authorization gems (The_Role, Pundit, etc.)
  • It's has more downloads on rubygems.org than The_Role even though it has fewer downloads than Pundit

Upvotes: 1

Joshua Muheim
Joshua Muheim

Reputation: 13195

There's also the protector gem:

https://github.com/inossidabile/protector

And cancancan:

https://github.com/bryanrite/cancancan

Upvotes: 2

idrinkpabst
idrinkpabst

Reputation: 1838

Check out the_role gem which works in Rails 4 and is a CanCan replacement

Upvotes: 1

Jared Beck
Jared Beck

Reputation: 17528

Have you read the discussion in PR 763 "support for strong_parameters"?

In short, until cancan 2 comes out, some people are using Oliver Morgan's fork.

Upvotes: 4

Related Questions