A simple gem for ActiveRecord applications that manages authorization between objects
This gem is a simple ActiveRecord extension that allows any application using ActiveRecord to manage permissions based on roles.


Standard gem installation :

gem install rails-canhaz

Or in your Gemfile if you use Bundler:

gem 'rails-canhaz'

You then need to create a single table for this gem to work.

Here is the schema of this table. If you're using Ruby on Rails, you should create a migration:

create_table :can_haz_permissions do |t|
  t.integer :csubject_id
  t.string :csubject_type

  t.integer :cobject_id
  t.string :cobject_type

  t.string :permission_name
end

add_index :can_haz_permissions, :csubject_id, :name => 'subject_id_ix'
add_index :can_haz_permissions, :cobject_id, :name => 'object_id_ix'

Or you can run this command :

rails g can_haz:install

How to use it ?

The rails-canhaz gem defines two static functions for ActiveRecord models which allow them to act as a subject or an object.

A subject has roles on objects.

Here is an example

class User < ActiveRecord::Base
  acts_as_canhaz_subject
end

class Article < ActiveRecord::Base
  acts_as_canhaz_object
end

Now our models are marked as canhaz subjects and objects, we have access to some handy functions :

user = User.find(42)
article = Article.find(1337)

user.can?(:read, article) # Can the user read this article? false for now

user.can!(:read, article) # Ok, so the user can read this article
user.can!(:edit, article) # He can edit it as well

user.can?(:read, article) # Will be true

user.objects_with_permission(Article, :read) # Will return all the articles w/ read permissions for this user

article.subjects_with_permission(User, :read) # Will return all the users that are able to read this article

# You can also remove permissions

user.cannot!(:read, article)
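
The permission semantics shown above, as an in-memory model of the can_haz_permissions table; this is an added example, not the gem's own code. It shows default deny, matching on both the type and id columns, and why rows are removed when a record is destroyed (the 0.3.0 changelog entry). `Row`, `Rec`, `PermissionTable`, `purge` and `demo` are hypothetical names, and the no-op on a repeated grant is an assumption of this model.

```ruby
# Added example: in-memory model of can_haz_permissions, not the gem's code.
Row = Struct.new(:csubject_type, :csubject_id, :cobject_type, :cobject_id, :permission_name)
Rec = Struct.new(:type, :id) # hypothetical stand-in for an ActiveRecord instance

class PermissionTable
  def initialize
    @rows = []
  end

  # Grant: add one row; a repeated grant is a no-op (assumption of this model).
  def can!(subject, perm, object)
    @rows << row(subject, perm, object) unless can?(subject, perm, object)
    true
  end

  # Check: default deny. Type AND id must match on both sides of the row.
  def can?(subject, perm, object)
    @rows.include?(row(subject, perm, object))
  end

  # Revoke: delete the matching row; returns true if something was removed.
  def cannot!(subject, perm, object)
    !@rows.delete(row(subject, perm, object)).nil?
  end

  # Destroy hook: drop every row that names the record as subject or object.
  def purge(rec)
    key = [rec.type, rec.id]
    @rows.reject! { |r| [r.csubject_type, r.csubject_id] == key || [r.cobject_type, r.cobject_id] == key }
  end

  private

  def row(subject, perm, object)
    Row.new(subject.type, subject.id, object.type, object.id, perm.to_s)
  end
end

# Constructed sample records: two subjects sharing id 42, and one article.
def demo
  t = PermissionTable.new
  user, group, article = Rec.new("User", 42), Rec.new("Group", 42), Rec.new("Article", 1337)
  result = { default: t.can?(user, :read, article) } # nothing granted yet
  t.can!(user, :read, article)
  result[:granted] = t.can?(user, :read, article)
  result[:other_type_same_id] = t.can?(group, :read, article) # id 42 alone is not enough
  t.purge(article) # the article is destroyed, so its rows go with it
  result.merge(reused_id: t.can?(user, :read, Rec.new("Article", 1337)))
end
```

Without the purge step, a later Article that received id 1337 would inherit the old read grant.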


  • 0.4.0 :

    • Aliasing can to can! and deprecating can
    • Aliasing cannot to cannot! and deprecating cannot
  • 0.3.0 :

    • Removing rights from the database before destroying a subject or object model
