29 Authorization With CanCanCan

Episode 20 · August 18, 2014

A look into the popular CanCanCan library to add authorization to your Rails app

Authorization



Discussion


Rob Sobers on

Curious why CanCan and not an actively maintained project like Pundit?

Chris Oliver (167,560 XP) on

I'm covering Pundit next, but CanCan is by far the leader with 4 million downloads. CanCanCan is the community maintained version of cancan so it is still always up-to-date. I'm going to do a few authorization approaches in a row so we can compare them side by side and you can determine which works the best for you.

Rob Sobers on

Fair enough! Thanks for the great videos.


Brandon Glassmaker (10 XP) on

Great watch, can't wait for the Pundit video. I've used CanCan before, Pundit looks equally as interesting. Really liking the deeper delve into the other things you can do once your authorization is going.


Dana Nourie (930 XP) on

This is great! Eager to try it out.


Artem Kiryanov (240 XP) on

I have an error: When I open Rails C and write this: ActiveRecord::UnknownAttributeError: unknown attribute: role


Paul Kawalya (10 XP) on

Great videos. Thanks


Jay Killeen (1,580 XP) on

That was really good thank you. I'll take a look at the Pundit one. I am interested in understanding more around the Permission model and storing the abilities in a database. I think at this stage I will build it out in abilities.rb but concerned it may be difficult to migrate to a Permission model later down the track.

Chris Oliver (167,560 XP) on

Check out rolify for database backed permissions. It is pretty flexible and shouldn't cause much if any downtime if you migrate from static permissions to database ones. You'd simply create the role records in the db before deploying the rolify backed cancan config so that there was no trouble.


Josh Zandman on

Hi Chris, I'm getting "ActiveModel::UnknownAttributeError: unknown attribute 'role' for User" error when trying to create an admin user in Console.

Chris Oliver (167,560 XP) on

Maybe you didn't add a role string field to your model? That's usually the case when you run into that error.

Josh Zandman on

I wasn't sure if it was already built into Devise or CanCanCan. Thanks for the help!


W. Ama on

Hi! I have a question.
I am using devise and have implemented it to the login of the user (user table in the schema), and I have created different parameters for that user.
Now the problem is that I want to create a different kind of user (an example would be like buyer, seller etc), so I will have 3 different types.
Would I have to delete the parameters from the user migration and add the different models that would (<) inherit from the User model?
Or is there a better way of doing that?
Since I am using devise, I am planning to have 2 or 3 different login pages depending on who the user type is...
What are your thoughts on this and what are the recommended ways of doing this?
Thank you.

W. Ama on

I want to add that I am trying not to use the cancan gem and just implement it all manually as I want to keep control over my data that way.
Thank you.

Chris Oliver (167,560 XP) on

If I'm understanding correctly, you have two options:

1. You can create 3 separate models with separate login pages. This is probably the easiest, but it requires users to register separately and they're treated as totally separate accounts (you could have an account registered with each one of those using the same email and they will be 3 separate records).

In this case, you would need migrations for each table in the db that people can register as.

2. You can create just one User model and use Single Table Inheritance to save the different types of users to one table. I believe this would only let you use an email once, but you could create an instance of the different types of users to give them features from those. People don't use STI that often, but it can be helpful sometimes.

This would only need migrations for the one table.

W. Ama on

So for the first option, I will create three rails generate devise User with their separate views and sign ups and so on? This seems better than the STI for scaling, I believe, right?

Thank you!

Chris Oliver (167,560 XP) on

You would do "rails generate Buyer; rails generate Seller;" and so on. Then you'd want to use the devise scoped views generator which will make separate views for each type of user. They have instructions on that in their readme.

W. Ama on

I see. The problem with this is that I already have used: rails generate devise User and added all the parameters and functionalities of a specific type to it. Would it be ok now to use: rails generate Buyer for example and go from there by leaving the "User" generated devise working as a Seller for example?

Chris Oliver (167,560 XP) on

Absolutely. That will work fine, just have to remember that is all. :)

W. Ama on

Haha perfect. Thank you, I really appreciate it.
I am getting this error though when I run rails generate Buyer:

Running via Spring preloader in process 21333
[WARNING] Please install gem 'therubyracer' to use Less.
Could not find generator 'Buyer'. Maybe you meant 'assets', 'mailer' or 'model'
Run `rails generate --help` for more options.

It seems like I need a gem when generating Buyer for example without a specific generation type.

Chris Oliver (167,560 XP) on

Whoops, that shoulda been "rails generate devise Buyer" :)

W. Ama on

Haha yes perfect. Thank you! I will work on that now and let you know if everything works well.

W. Ama on

So I got the app working with the different Devise users. I had actioncable set up for the original User but now it is not working all of a sudden after I added the other Devises and set it all up to sign in and sign up with different devise accounts. Is there something I need to change along with it for actioncable to keep working as it was? Thank you.
It gives me this error:

Successfully upgraded to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
An unauthorized connection attempt was rejected
Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)

The messages do not get sent through actioncable when I type on the chatroom and nothing is displayed.

W. Ama on

I solved it by configuring connection.rb. Thank you.
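
The comment above does not say what was changed in connection.rb. As an added example (not from the episode or the commenters), this is one way a connection can look up the signed-in record across several Devise scopes and refuse the socket when none is signed in. It assumes the rejection came from a default-scope `env["warden"].user` lookup; `DEVISE_SCOPES`, `StubWarden`, `UnauthorizedConnection` and `connection_outcome` are names made up for this sketch.

```ruby
# Added example: scope-aware user lookup for an ActionCable connection.
# DEVISE_SCOPES and StubWarden are assumptions made for this sketch.

DEVISE_SCOPES = %i[user buyer].freeze # one entry per `rails generate devise X`

class UnauthorizedConnection < StandardError; end

# warden: any object responding to user(scope), such as env["warden"] inside
# a real ApplicationCable::Connection. Returns [scope, record] for the first
# signed-in scope, or raises so the socket is refused (fail closed).
def find_verified_user(warden, scopes = DEVISE_SCOPES)
  scopes.each do |scope|
    record = warden.user(scope)
    return [scope, record] if record
  end
  raise UnauthorizedConnection, "no signed-in Devise scope"
end

# Constructed stand-in for the Warden proxy: holds one session user per scope.
class StubWarden
  def initialize(sessions)
    @sessions = sessions
  end

  # Like Warden, a bare `user` call consults only the default scope
  # (assumed to be :user here).
  def user(scope = :user)
    @sessions[scope]
  end
end

# Maps the lookup onto what the server log would show for the connection.
def connection_outcome(warden)
  scope, record = find_verified_user(warden)
  "accepted #{scope}:#{record}"
rescue UnauthorizedConnection
  "rejected"
end

buyer_only = StubWarden.new({ buyer: "buyer-7" }) # constructed session
puts buyer_only.user.inspect               # default-scope lookup misses the buyer
puts connection_outcome(buyer_only)        # scope-aware lookup finds the buyer
puts connection_outcome(StubWarden.new({})) # nobody signed in: refused
```

In a real connection.rb the same lookup would be called with `env["warden"]`, and the raise would be replaced by `reject_unauthorized_connection`.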

