Skip to content
CanCan extension with role oriented permission management, rules caching and much more
Ruby JavaScript
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



CanTango extends CanCan and offers a role oriented
permissions design. CanTango also integrates well with Devise and scenarios with multiple user accounts.

Supported ruby versions

Tested to work with:

  • Ruby 1.9+

Currently doesn’t support:

  • Ruby 1.8.7

Should I use CanTango for my permission requirements?


gem install cantango

Usage in a Rails 3 app

Insert into Gemfile

gem 'cantango'

Run bundler to bundle gems in the app

$ bundle

Design overview

The CanTango pattern is simple:
1. Return cached rules (if available)
2. Generate rules
3. Cache rules


1. Use cached rules and return if user has cached rules
2. Generate rules for Permits if ‘Permits engine’ is turned on
3. Generate rules for Permissions if ‘Permissions engine’ is turned on
4. Cache generated rules with unique key for current user

See CanTango Ability

Rails 3 configuration

See Configuration

Minimal role system requirements

CanTango requires that you have some kind of ‘role system’ in place (see Role system requirement)

Supported role systems

Currently the role system Troles is targeted, but any role system will do with a few minor patches on top

Permission configuration

Permission rules can be defined in:

  • Permission store
  • Permit classes


See Permits

Permissions store

Permission rules can be stored and maintained in a Permissions store
A Permissions store can be either a simple YAML file or a key-value store supported by Moneta

Application configuration for CanTango

  • Define roles that Users can have
  • Define which roles are available
  • Define a Permit for each role.
  • For each Permit, define what Users with a role matching the permit can do


CanTango is integrated with CanCan REST links, letting you easily control which users have access to which models in your app.

The coming Rails 3 engine Dancing will include a full_config generator that you can use to configure your Rails app for devise, cancan, cantango and troles.


Define Permits

Permits can be defined for any of the following:

  • Roles
  • Role groups

In addition you can also define licenses, that are sets of permit rules that can be reused in various role and role group permits.

You can use the Permits generator to generate your permits. All Permit classes should be placed in the app/permits folder of a Rails app.

See Role permits in the wiki.

Account permits

See Account permits on the wiki

Permit for Role group

See Role group permits

Special permits

The Permits system uses some special permits System and Any, that can be configured for
advanced permission scenarios as described in the wiki.


See Licenses in the wiki.

Advanced Permits

See Advanced Permits


The gem comes with the following generators

  • can_tango:role_permits – generate multiple permits
  • can_tango:role_permit – generate a single permit
  • can_tango:licenses – generate multiple licenses
  • can_tango:license – generate a single license

See Generators

You need help?

Please post ideas, questions etc. in the cantango group on Google.

Bugs, issues or feature request/ideas?

If you encounter bugs, raise an issue or:

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don’t break it in a
    future version unintentionally.
  • Commit, do not mess with rakefile, version, or history.
    (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.


Copyright © 2010 Kristian Mandrup. See LICENSE for details.

Something went wrong with that request. Please try again.