views:

103

answers:

1

We are evaluating plugins for Authorization in Rails. The two at the top of our list are cancan and declarative_authorization.

I would like to get some feedback from anyone currently using either of these plugins.

The problem we are going to face with any authorization plugin is that we have a database per customer model and will need to modify the plugin to work within that model. Because of this fact I'm interested in hearing from anyone who has had to tweak the plugins at all as well.

I'm just starting to look around at the code. It seems like cancan might be a little easier to customize.

Any thoughts?

+1  A: 

Cancan is a lighter weight plugin for smaller sites. You can see a video on railscasts.
http://railscasts.com/episodes/192-authorization-with-cancan

I've used declarative_authorization with authlogic/restful_auth for several projects. It has everything you would need. 1) Model security. 2) Controller security 3) methods available to the view to check auth.

The only frustrating thing I've run into with declarative_authorization is me not reading the rdocs.

http://railscasts.com/episodes/188-declarative-authorization

jspooner