Putting the Can in CanCan

Continuing work on our favorite Rails authorization library

As many of you have read, I am announcing the CanCanCan project, a continuation of the popular Rails gem CanCan. This effort is a collaboration of the CanCan community continuing Ryan Bates’ excellent work to date. This article is intended to serve as the release announcement as well as talk about the direction for the CanCan(Can) Community… but first, a little background:

Here at Mojo Lingo, we help our clients build a lot of great applications, relying on all sorts of open source software. I do a lot of Rails work for the APIs and front ends of the telephony and real-time communication applications that we build everyday and utilize Ruby and Rails’ rich community of open source projects to make a lot of what I do possible.

One of my favourite gems I tend to reach for on every project is CanCan, an authorization library authored by Ryan Bates (of Railscasts fame among other things). CanCan provides a simple and powerful way to describe and enforce access rules in your controllers. From a simple blog to a vast, multi-tenanted, service oriented application, CanCan has been with me through it all and made my life much easier in the process.

Within the last year, Ryan announced on Railscasts that he was taking a (much deserved) hiatus and since then, CanCan has seen minimal to no updates. The community has been incredibly helpful, providing a multitude of pull requests to fix and enhance various issues, including Rails 4 and Strong Parameter support, but without Ryan at the helm to merge these in and release new versions of CanCan, most of these developers are sticking to their own various forks and the community becomes fragmented.

To give back to a community that has supported and helped me so much, and hopefully with Ryan’s blessing, I have begun to maintain a continuation of CanCan. After lengthy conversations, we decided to release CanCanCan version 1.7.0!

Our Mission

CanCanCan is a drop in replacement for CanCan. Only the gem name in your Gemfile should need to change:

gem 'cancan'

becomes

gem 'cancancan', '~> 1.7'

There are no changes to the namespace or declarations.

For the next bit I will be focusing on the 1.x branch, ensuring it is up to date, supports Rails 3 and 4, and continues to receive security fixes and optimizations. CanCanCan has also been expanded to support JRuby, Rubinius and MRI 2+, while continuing support for MRI 1.8 and 1.9.

Afterwards, I will begin to look into the 2.x branch and try to understand what improvements and refinements Ryan was attempting and how, before moving forward with it.

Since it began, CanCan has always had a supportive and engaged community of users. I hope that some of you can find your way over to CanCanCan to help us maintain and enhance such a great library.

Subscribe to our mailing list

* indicates required
I want to read about...
Email Format

17 thoughts on “Putting the Can in CanCan

  1. Thank you, thank you, thank you! CanCan is easily the best authorisation gem for Rails, and I’m incredibly happy to see that someone’s taking over its development and maintenance.

  2. I came here thinking this was an article about Canning CanCan! Thank you so much for what you’re offering to the community. I know many people use this gem and I’ve been pondering what to do about an alternative for a long time now! 😀

  3. Great that you are continuing this project! Especially for Rails 4! Is this gem ready for production environments?

  4. Nice work, it is great to know this is being maintained. Any suggestions on how to plug this in to the Active Admin gem? It comes with a cancan adapter out of the box, but it doesn’t seem to know how to connect to cancancan

  5. Joshua: I’m having the same problem. I think this line in active_admin is the problem:

    require ‘active_admin/cancan_adapter’ if Gem.loaded_specs[‘cancan’]

    It’s looking for a gem called “cancan”, we have one called “cancancan”.

    If I go to the top of my initializer “active_admin.rb”, and add:

    require ‘active_admin/cancan_adapter’

    Then I can startup WEBrick, anyway.

  6. As a beginner Rails developer, I’m trying to figure out how to use this with Devise. Is there a tutorial somewhere that shows how this works in a development environment? It would be extremely helpful to see it in use.

What do you think?