Authorization With CanCanCan
Popular Rails Gems Series
1. Styling with Bootstrap Sass 2. Debugging With BetterErrors 3. Pretty urls with FriendlyID 4. Pagination with will_paginate 5. File Uploading with Carrierwave 6. User Authentication with Devise 7. Keeping track with Annotate 8. Sending emails with Mandrill 9. Authorization With CanCanCan 10. Authorization with Pundit 11. Soft Delete with Paranoia 12. Newsletter Sign Up Form with country_select 13. The State_Machine Gem 14. Using ActiveAdmin to Build an Admin UI 15. How to Migrate from Paperclip to Rails ActiveStorageEpisode 20 · August 18, 2014
A look into the popular CanCanCan library to add authorization to your Rails app
Resources
Discussion
I'm covering Pundit next, but CanCan is by far the leader with 4 million downloads. CanCanCan is the community maintained version of cancan so it is still always up-to-date. I'm going to do a few authorization approaches in a row so we can compare them side by side and you can determine which works the best for you.
Great watch, can't wait for the Pundit video. I've used CanCan before, Pundit looks equally as interesting. Really liking the deeper delve into the other things you can do once your authorization is going
I have error: When i open Rails C and write this: ActiveRecord::UnknownAttributeError: unknown attribute: role
That was really good thank you. I'll take a look at the Pundit one. I am interested in understanding more around the Permission model and storing the abilities in a database. I think at this stage I will build it out in abilities.rb but concerned it may be difficult to migrate to a Permission model later down the track.
Check out rolify for database backed permissions. It is pretty flexible and shouldn't cause much if any downtime if you migrate from static permissions to database ones. You'd simply create the role records in the db before deploying the rolify backed cancan config so that there was no trouble.
Hi Chris, I'm getting "ActiveModel::UnknownAttributeError: unknown attribute 'role' for User" error when trying to create an admin user in Console.
Maybe you didn't add a role string field to your model? That's usually the case when you run into that error.
Hi! I have a question.
I am using devise and have implemented it to the login of the user (user table in the schema), and I have created different parameters for that user.
Now the problem is that I want to create a different kind of user (an example would be like buyer, seller etc), so I will have 3 different types.
Would I have to delete the parameters from the user migration and add the different models that would (<) inherit from the User model?
Or is there a better way of doing that?
Since I am using devise, I am planning to have 2 or 3 different login pages depending on who the user type is...
What are your thoughts on this and what are the recommended ways of doing this?
Thank you.
If I'm understanding correctly, you have two options:
1. You can create 3 separate models with separate login pages. This is probably the easiest, but it requires users to register separately and they're treated as totally separate accounts (you could have an account registered with each one of those using the same email and they will be 3 separate records).
In this case, you would need migrations for each table in the db that people can register as.
2. You can create just one User model and use Single Table Inherintance to save the different types of users to one table. I believe this would only let you use an email once, but you could create an instance of the different types of users to give them features from those. People don't use STI that often, but it can be helpful sometimes.
This would only need migrations for the one table.
You would do "rails generate Buyer; rails generate Seller;" and so on. Then you'd wnat to use the devise scoped views generator which will make separate views for each type of user. They have instructions on that in their readme.
I see. The problem with this is that I already have used: rails generate devise User and added all the parameters and functionalities of a specific type to it. Would it be ok now to use: rails generate Buyer for example and go from there by leaving the "User" generated devise working as a Seller for example?
Absolutely. That will work fine, just have to remember that is all. :)
haha perfect. Thank you, I really appreciate it.
I am getting this error though when
I run rails generate Buyer
Running via Spring preloader in process 21333
[WARNING] Please install gem 'therubyracer' to use Less.
Could not find generator 'Buyer'. Maybe you meant 'assets', 'mailer' or 'model'
Run `rails generate --help` for more options.
It seems like I need a gem when generating Buyer for example without a specific generation type.
Whoops, that shoulda been "rails generate devise Buyer" :)
So I got the app working with the different Devise users. I had actioncable set up for the original User but now it is not working all of a sudden after I added the other Devises and set it all up to sign in and sign up with different devise accounts. Is there something I need to change along with it for actioncable to keep working as it was? Thank you.
It gives me this error:
Successfully upgraded to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
An unauthorized connection attempt was rejected
Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
The messages do not get sent through actioncable when I type on the chatroom and nothing is displayed.
Login or create an account to join the conversation.