

CanCanCan – Continuation of CanCan, the authorization Gem for Ruby on Rails. - rickcarlino
https://github.com/CanCanCommunity/cancancan

======
timmorgan
Kudos on picking up and moving forward an existing Rails plugin gem rather
than writing yet another. Too many Rails gems get left in the dust after a few
years. CanCan is a great library, and is well-documented!

That being said, I've found (the hard way) that how CanCan declares
"abilities" isn't flexible enough. The declarations got out of hand as my app
grew larger and the maze of who can do what got more complex.

CanCan tries to reduce complex authorization logic down to a very simple DSL.
I applaud the effort, but it falls apart on larger apps.

(I am perfectly willing to admit that I probably just "did it wrong", but in
the end, I decided something less clever and more along the lines of "just
Ruby" would be more up my alley.)

I've switched over to using the Authority gem [1] for authorization, which
doesn't try to be quite so clever. You write your authorization logic in plain
ol' Ruby code -- use an `if` or a `case` or look up in the database, or
whatever!

The best part of CanCan (IMO) is its ability to load and authorize your
resource model in a filter in your controller, removing much of the
boilerplate you get with Rails resource controllers. I would hope that
functionality could be extracted from CanCan (or CanCanCan) into a separate
gem.

In the meantime, I ended up writing my own library called (unimaginatively)
"load_and_authorize_resource" [2] to do basically the same thing. Feedback
(and PRs) welcome.

[1] [https://github.com/nathanl/authority](https://github.com/nathanl/authority)

[2] [https://github.com/seven1m/load_and_authorize_resource](https://github.com/seven1m/load_and_authorize_resource)

~~~
d4mi3n
Haven't heard of authority before, thanks for the link. I've been using Pundit
[1] for similar problems; assuming you're aware of both projects, were there
any specific issues that caused you to go with authority over Pundit?

[1] [https://github.com/elabs/pundit](https://github.com/elabs/pundit)

------
hackerboos
There's also `authorize`, `pundit` and many more:

[https://www.ruby-toolbox.com/categories/rails_authorization](https://www.ruby-toolbox.com/categories/rails_authorization)

------
JonnieCache
Can we still use it outside of Rails? We've had success in the past using
CanCan in Sinatra apps.

------
throwa
Thanks for not allowing cancan to die.

------
anonova
[Six](https://github.com/randx/six) is
typically my go-to library. I really prefer something to just store rules, and
six does just that. No fancy DSL, no integration with Rails, etc.

------
coldcode
A new name might be a better idea. Otherwise the next person will make
CanCanCanCan, which is actually a legitimate English sentence.

------
raphinou
Does anyone know why cancan development was stopped?

~~~
Perceptes
The author, Ryan Bates, has been on hiatus for a while now due to burnout. He
seems to have stopped his open source work in addition to his Railscasts
screencasts.

~~~
why-el
And his social media presence. Ryan is great and burnout is a serious matter.
Hope he comes back stronger and more inspired.

~~~
Argorak
I wouldn't hold my breath. The worst thing you can do after something like
that is going back to the old way of working. It's not like you steel yourself
by going through such a phase.

------
rickcarlino
Caveat: I didn't write this, folks. I just really liked CanCan and was happy
to see it be maintained.

~~~
JustinAiken
Here's a blog post by the new maintainer:
[https://mojolingo.com/blog/2014/putting-the-can-in-cancan/](https://mojolingo.com/blog/2014/putting-the-can-in-cancan/)

