Menu
When it comes to Authorization/Authentication devise + cancan are usually my gems of choice. After the release of Rails4's strong parameters I've been looking into using the cancan_strong_parameters gem.
I can't shake the feeling that this approach seems a bit 'hacky'. The other options seems to be TheRole gem or simply rolling my own auth from scratch.
Was hoping anyone with first hand experience here could give a few pointers on how they tackled the problem, what problems the faced and where each approach fell short (if anywhere).
I know this isn't a clean cut StackOverflow typed question, but there doesn't seem to be much info regarding this subject when Googling. Thanks.
468
asked Jul 13 '13 13:07
Authentication is the process of verifying who you are. Authorization is the process of verifying that you have access to resources.
CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries.
Rails CSRF TokenThe server generates these tokens, links them to the user session, and stores them in the database. This token is then injected into any form presented to the client as a hidden field. When the client correctly submits the form for validation, it passes the token back to the server.
Have you read the discussion in PR 763 "support for strong_parameters"?
In short, until cancan 2 comes out, some people are using Oliver Morgan's fork.
160
There's also the protector gem:
https://github.com/inossidabile/protector
And cancancan:
https://github.com/bryanrite/cancancan
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
