I'm slowly but surely putting together my first Rails app (first web app of any kind, in fact - I'm not really a programmer) and it's time to set up a user registration/login system. The nature of my app is such that each user will be completely separated from each other user (except for admin roles). When users log in they will have their own unique index page looking at only their data, which they and no-one else can ever see or edit. However, I may later want to add a role for a user to be able to view and edit several other users' data (e.g. a group of users may want to allow their secretary to access and edit their data but their secretary would not need any data of their own).

My plan is to use authlogic to create the login system and declarative authorization to control permissions, but before I embark on this fairly major and crucial task I thought I would canvass a few opinions as to whether this combo was appropriate for the tasks I envisage or whether there would be a better/simpler/faster/cheaper/awesomer option.

+5  A: 

What about cancan by Ryan Bates? Here you can get a complete visual guided implementation

microspino
OK, looks nice and simple. How does it compare with declarative_authorization? What would I be sacrificing?
brad
Both have pros and cons: a lot of people follow declarative_authorization on GitHub, and if you google it you'll find a lot of use cases. It has been well maintained since 2008. Cancan is a bit based on declarative_authorization but it's simpler (= less code), with less magic behind it, a very friendly DSL and good documentation. declarative_authorization has more out of the box, but cancan could be easily extended.
microspino
Cancan has excellent documentation and will probably take over as *the* authorization class.
ryeguy
Thanks, I had heard of cancan but not looked at it too closely. After getting authlogic up and running I'm now experimenting with cancan and it seems really easy and effective. Thanks.
brad
Both you and I and anyone else using cancan have to thank Ryan Bates for this! ;)
microspino
+1  A: 

What about Devise? Take a look at the railscasts.com site.

khmarbaise
+1  A: 

Take a look at this, it might help:

Basic Rails 3 engine utilizing Authlogic, CanCan and Easy Roles

Shripad K
A: 

Be careful with the CanCan RailsCast. Ryan Bates is the man, but I don't agree with this database design. I wrote an extensive walkthrough to using Devise for auth and CanCan for roles here: http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/

I think you will find it very useful and be able to get auth up and running in 30 minutes or so.

Tony
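
The access rules described in the question (each user sees only their own data, admins see everything, a secretary edits the data of a group of users but has none of their own), written as a plain-Ruby sketch with default deny. This is an added example, not code from the thread, and it does not use the CanCan or declarative_authorization APIs; `User`, `Record`, `Policy` and `delegate_of` are hypothetical names, and the sample data is constructed.

```ruby
require 'set'

# Hypothetical user model: delegate_of lists the user ids a secretary acts for.
User = Struct.new(:id, :role, :delegate_of) do
  # Ids of the users whose data this user may act on.
  def accessible_owner_ids
    case role
    when :member    then Set[id]
    when :secretary then Set.new(delegate_of) # no data of their own
    else Set.new                              # unknown role: nothing
    end
  end
end

Record = Struct.new(:id, :owner_id, :body)

class Policy
  ACTIONS = %i[read update].freeze

  def initialize(user)
    @user = user
  end

  # Default deny: only listed actions, only on records the user is scoped to.
  def can?(action, record)
    return false if @user.nil? || !ACTIONS.include?(action)
    return true if @user.role == :admin
    @user.accessible_owner_ids.include?(record.owner_id)
  end

  # Index pages list through the scope instead of trusting ids from params.
  def scope(records)
    records.select { |r| can?(:read, r) }
  end
end

# Constructed sample data
ALICE = User.new(1, :member, [])
BOB   = User.new(2, :member, [])
SEC   = User.new(3, :secretary, [1, 2])
ADMIN = User.new(5, :admin, [])
RECORDS = [Record.new(10, 1, 'a'), Record.new(11, 2, 'b'),
           Record.new(12, 4, 'c')].freeze
```

Whichever library is chosen, the same two checks apply: every single-record action goes through `can?`, and every listing goes through `scope`, so a guessed record id never bypasses the owner check.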