Channel: Teach Me To Code » security

Devise and CanCan (Authentication and Authorization)


I’ve been working on several applications where I’ve needed not only to verify that someone was logged in, but actually make sure that someone had permission to modify a particular object. There are several authentication solutions out there. I’ve actually listed 9 of them in this post.

I’m going to add one that I’ve picked up lately. It’s called Devise. I’m actually really enjoying it and liking a lot of the options that it offers. I still haven’t figured it all out, but it extends your Rails application and manages your sign up, sign in, and sign off functionality. I’ll probably put up a screencast on it soon. So, stay posted.

The part that I’m really excited about, though, is CanCan. I’ve built complicated permissions systems before. Some were role-based, others permissions-based (possibly containing roles). I would place the role and permission checks into the controllers and manage the rights the user exercised that way. The problem was that I found myself repeating a LOT of code.

That’s what I like about CanCan. It provides a before filter for your controllers that saves you all of that code. The best thing about that is that your permissions are all defined in one place (/app/models/ability.rb) so if you need to give someone access to a particular resource in your application, you just set it up there and it’s propagated to the rest of your application. Trust Ryan Bates to come up with something simple and awesome like that.
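
The pattern described above (every rule in one ability class, one check before the action runs) as an added plain-Ruby sketch. It is not code from the original post and does not load CanCan or Rails; the `User` and `Article` structs, the roles and `update_article` are hypothetical stand-ins.

```ruby
# Plain-Ruby sketch of centralized, object-level authorization.
# Constructed for illustration; it does not use the CanCan gem.
class AccessDenied < StandardError; end

User    = Struct.new(:id, :role)
Article = Struct.new(:id, :owner_id, :published)

# The single place where permissions live (the role of ability.rb).
class Ability
  def initialize(user)
    @rules = [] # no matching rule means the request is denied
    can(:read, Article) { |a| a.published }
    return if user.nil? # anonymous visitors get nothing more

    # Object-level rules: being logged in is not enough, the
    # article must belong to the user making the request.
    can(:read, Article)   { |a| a.owner_id == user.id }
    can(:update, Article) { |a| a.owner_id == user.id }
    can(:manage, Article) if user.role == :admin
  end

  def can?(action, subject)
    @rules.any? do |rule_action, klass, condition|
      [action, :manage].include?(rule_action) &&
        subject.is_a?(klass) &&
        (condition.nil? || condition.call(subject))
    end
  end

  def authorize!(action, subject)
    raise AccessDenied, "#{action} denied" unless can?(action, subject)
    subject
  end

  private

  def can(action, klass, &condition)
    @rules << [action, klass, condition]
  end
end

# Stand-in for a controller action guarded by a before filter:
# the check runs first, and the action body carries no role logic.
def update_article(current_user, article)
  Ability.new(current_user).authorize!(:update, article)
  :updated
rescue AccessDenied
  :forbidden
end
```

Because the rule list starts empty, a new action or model is denied until a rule for it is written in the ability class.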

