Rails4 authorization strategies

Question

When it comes to Authorization/Authentication devise + cancan are usually my gems of choice. After the release of Rails4's strong parameters I've been looking into using the cancan_strong_parameters gem.

I can't shake the feeling that this approach seems a bit 'hacky'. The other options seems to be TheRole gem or simply rolling my own auth from scratch.

Was hoping anyone with first hand experience here could give a few pointers on how they tackled the problem, what problems the faced and where each approach fell short (if anywhere).

I know this isn't a clean cut StackOverflow typed question, but there doesn't seem to be much info regarding this subject when Googling. Thanks.

Answer 1

Have you read the discussion in PR 763 "support for strong_parameters"?

In short, until cancan 2 comes out, some people are using Oliver Morgan's fork.

Answer 2

There's also the protector gem:

https://github.com/inossidabile/protector

And cancancan:

https://github.com/bryanrite/cancancan

Answer 3

Check out the_role gem which works in Rails 4 and is a CanCan replacement

Answer 4

I'd go with Cancancan based on:

• It's based on Cancan, the most widely used Authorization Rails library (until Rails 4)
• It's Rails 4 compatible
• It has more Commits, Contributors and Releases on Github than other Rails 4 authorization gems (The_Role, Pundit, etc.)
• It's has more downloads on rubygems.org than The_Role even though it has fewer downloads than Pundit