Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rails 4 user roles and permissions

I am writing a rails application for an organization. Every user may have 1 or more roles and can only access certain controller actions depending on those roles.

For example, only admins can create, destroy and update certain fields of Users. Also, there are Teams which each have a team leader, and only the team leader can update certain information about the Team (like the member list, for example). However, Admins are the one who assign the team leader in the first place.

The specific details of my scenario are not important, I merely hope I described the situation where there are many different roles and permissions.

My question is: what gem to use? My first thought was CanCan, but the last commit was almost a year ago and there is no mention of Rails 4 compatibility. Is there a currently maintained alternative?

like image 251
gdiazc Avatar asked Aug 12 '14 19:08

gdiazc


1 Answers

Your first guess was right, use cancancan and you'll be good with it.

EDIT Jul 24, 2015

I've been using cancancan for a long time now and it was always working great. I've recently started working on a project where Pundit is used for authorization.

It is awesome. It prompts you to define the policy for each resource and it feels more natural than one bloated Ability class.

For bigger projects, I would definitely recommend Pundit.

like image 75
Andrey Deineko Avatar answered Oct 07 '22 18:10

Andrey Deineko