Geek Answers Handbook

Rails4 Authorization Strategies

When it comes to authorization / authentication, development + cancan are usually my gems. After releasing strong Rails4 parameters, I searched for the use of cancan_strong_parameters gem.

I can't shake the feeling that this approach seems a bit "hacked." The rest of the options look like TheRole or just reset my own auth from scratch.

It was hoped that someone would first-hand experience a few indications here of how they solved the problem, what problems they encountered and where each approach was short (if anywhere).

I know this is not a clean question asked by StackOverflow, but there seems to be not much information on this when Googling. Thanks.

+7
ruby-on-rails ruby-on-rails-4 cancan
source share
4 answers

Have you read the discussion in PR 763 "strong_parameter support" ?

In short, until cancan 2 appears, some people use the Oliver Morgan plug .

+4
source share

There is also a protective jewel:

https://github.com/inossidabile/protector

And cancancan:

https://github.com/bryanrite/cancancan

+2
source share

Check out the_role gem which works in Rails 4 and is a replacement for CanCan

+1
source share

I will go with the Cancanan based on:

  • It is based on Cancan, the most widely used Rails authorization library (prior to Rails 4)
  • Rails 4 compatible
  • Github has more Commits, Contributors, and Releases than other authorized Rails 4 aircraft (The_Role, Pundit, etc.).
  • It has more downloads on rubygems.org than The_Role, although it has fewer downloads than Pundit
+1
source share

More articles:


All Articles