I am looking for an authorization gem for Rails 4. Before, I used cancan, but it looks outdated nowadays...
I found the_role here: https://github.com/the-teacher/the_role. It is nearly what I want, but has a few annoying issues. Maybe similar gems exist? I need roles, storage of roles in the database, and association of actions with rules. It would be great if the gem cooperated with Bootstrap.
P.S. For authentication I use devise.
In this tutorial, I will show you how simple it is to add authentication and authorization to your application using the popular Rails gems: Devise, CanCanCan, and Rolify. What is authentication and authorization? Authentication is a confirmation of user identity, while authorization determines whether you can access a particular resource. What is Devise?
Devise is probably the most commonly used gem in Ruby on Rails applications. It provides an easy-to-use authentication solution for your Rails application, giving you login, registration, forgotten-password handling, account locking and many more account-related features simply by adding the gem.
The Ruby on Rails framework is an extremely powerful tool for developing web applications. It comes with plenty of built-in features that help accelerate the development of your web application, such as intelligent routing and an object-relational mapper, all using an MVC pattern.
All permissions are defined in a single location (the Ability class).
Step 1. Create a new Rails application
I used version 4.2.6 of Rails and SQLite as a database. Let’s skip a test and create a new Rails application.
Step 2. Add Bootstrap and styles
You should look at the bigger picture, even outside Ruby, and consider the authorization model. The traditional, prevalent model is role-based access control (RBAC), and this is what most frameworks and, in Ruby, most gems implement.
But if you have more advanced scenarios you want to consider attribute-based access control and XACML, the eXtensible Access Control Markup Language.
With XACML, you can implement context-aware authorization that is policy-based. For instance you can write rules such as:
And so on...
I am not aware of any Ruby gem to apply XACML to your Ruby projects but the nature of XACML is such that you can easily implement your own authorization agents (enforcement points). I've written some in PHP, Java, .NET, and Perl.
You'll need an authorization engine. There are several open-source and vendor solutions out there such as SunXACML and Axiomatics.
Here are some interesting resources:
CanCanCan
CanCan was a popular gem for authorization developed by Ryan Bates (best known for RailsCasts) and abandoned prior to the release of Rails 4.0. Due to its popularity, the community-based CanCanCan project maintains an updated version of CanCan. CanCan provides a DSL (domain-specific language) that isolates all authorization logic in a single Ability class.
Pundit
The Pundit gem is gaining in popularity for Rails authorization. Pundit is an authorization system that uses simple Ruby objects for access rules. Pundit uses a folder named app/policies/ containing plain Ruby objects that implement access rules.
CanCanCan or Pundit or ?
As an application grows in complexity, the CanCan Ability class can grow unwieldy. Also, every authorization request requires evaluation of the full CanCan Ability class, adding performance overhead. Pundit also offers the advantage of segregating access rules into a central location, keeping controllers skinny. Pundit policy objects are lightweight, adding authorization logic without as much overhead as CanCan.
Simple Role-Based Authorization
With Rails 4.1, you can implement role-based authorization using Active Record Enum. You can use CanCanCan or Pundit to keep controllers skinny if your access rules are complex but for simple requirements, you may not need CanCanCan or Pundit.
I've written an article on Rails Authorization that goes into more detail, comparing CanCanCan and Pundit and simple role-based authorization.
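The two approaches described in this answer, combined in one sketch: enum-style roles checked by a Pundit-style policy object. This is an added example in plain Ruby (no Rails, no Pundit gem), not code from the answer or from either project; `User`, `Post`, `PostPolicy` and `authorize!` are hypothetical names.

```ruby
# Added example: plain Ruby only, runs without Rails or the Pundit gem.
# ROLES mirrors what an Active Record enum would store as 0, 1, 2.
ROLES = %i[guest member admin].freeze

User = Struct.new(:id, :role) do
  ROLES.each { |r| define_method("#{r}?") { role == r } } # guest?, member?, admin?
end
Post = Struct.new(:author_id, :published)

class NotAuthorizedError < StandardError; end

# Policy object in the style Pundit uses: one class per model,
# one public predicate per controller action.
class PostPolicy
  def initialize(user, post)
    @user = user || User.new(nil, :guest) # unauthenticated requests count as guests
    @post = post
  end

  def show?
    @post.published || owner? || @user.admin?
  end

  def update?
    owner? || @user.admin?
  end

  def destroy?
    @user.admin?
  end

  private

  def owner?
    !@user.id.nil? && @user.id == @post.author_id
  end
end

# Resolve "<Model>Policy" by naming convention and deny by default:
# an action with no public predicate on the policy is refused.
def authorize!(user, record, action)
  policy = Object.const_get("#{record.class.name}Policy").new(user, record)
  query = "#{action}?"
  allowed = policy.class.public_method_defined?(query) && policy.public_send(query)
  raise NotAuthorizedError, "#{action} denied on #{record.class.name}" unless allowed
  true
end
```

Because `authorize!` only dispatches to public predicates, a misspelled or not-yet-written action fails closed instead of silently allowing the request.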
Cancancan is the new version of can can:
https://github.com/CanCanCommunity/cancancan