my recent reads..

cancannible role-based access control gets an update for Rails 4


Can You Keep a Secret? / 宇多田ヒカル

cancannible is a gem that has been kicking around in a few large-scale production deployments for years. It still gets loving attention - most recently an official update for Rails 4 (thanks to the push from @zwippie).

And now there are also some demo sites: one for Rails 3.2.x and another for Rails 4.3.x, so that anyone can see it in action.


So what exactly does cancannible do? In a nutshell, it is a gem that extends CanCan with a range of capabilities:

  • permissions inheritance (so that, for example, a User can inherit permissions from Roles and/or Groups)
  • general-purpose access refinements (to automatically enforce multi-tenant or other security restrictions)
  • automatic storage and loading of permissions from a database
  • optional caching of abilities (so that they don't need to be recalculated on each web request)
  • export of CanCan methods to the model layer (so that permissions can be applied in model methods, and easily set in a test case)
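
To make the first two items concrete, here is a plain-Ruby sketch added for illustration; it is not cancannible's or CanCan's API, and every class and method name in it (`Principal`, `SketchAbility`, `permit`) is hypothetical. It assumes that the last matching entry wins and that each record carries a `tenant_id`.

```ruby
# Constructed sketch: hypothetical classes, not cancannible's or CanCan's API.
Invoice = Struct.new(:id, :tenant_id)
Permission = Struct.new(:action, :resource, :allowed)

# A User, Role or Group: holds its own permissions plus parents to inherit from.
class Principal
  attr_reader :parents, :permissions

  def initialize(parents: [])
    @parents = parents
    @permissions = []
  end

  def permit(action, resource, allowed: true)
    @permissions << Permission.new(action, resource, allowed)
    self
  end

  # Inherited entries come first, so a principal's own entries are applied last.
  def effective_permissions
    parents.flat_map(&:effective_permissions) + permissions
  end
end

class SketchAbility
  def initialize(principal, tenant_id:)
    @tenant_id = tenant_id
    @rules = {}
    # Assumption: the last matching entry wins, so later entries override earlier ones.
    principal.effective_permissions.each do |p|
      @rules[[p.action, p.resource]] = p.allowed
    end
  end

  def can?(action, record)
    return false unless @rules[[action, record.class]] # default deny
    # Refinement: a granted permission only applies inside the caller's tenant.
    record.tenant_id == @tenant_id
  end
end

# Constructed sample data: one role, one group, two users in tenant 1.
accountant  = Principal.new.permit(:read, Invoice).permit(:update, Invoice)
contractors = Principal.new.permit(:update, Invoice, allowed: false)
ALICE = SketchAbility.new(Principal.new(parents: [accountant]), tenant_id: 1)
BOB   = SketchAbility.new(Principal.new(parents: [accountant, contractors]), tenant_id: 1)

puts ALICE.can?(:update, Invoice.new(10, 1)) # inherited grant, same tenant
puts BOB.can?(:update, Invoice.new(10, 1))   # later group denial overrides the role grant
puts ALICE.can?(:read, Invoice.new(11, 2))   # refinement blocks another tenant's record
```

Because the last entry wins in this sketch, the order of `parents` decides whether the group's denial sticks; a deny-always-wins merge would remove that ordering dependency.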