Skip to content
CanCan extension with role oriented permission management, rules caching and much more
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



CanTango extends CanCan and offers a role oriented
permissions design. CanTango also integrates well with Devise and scenarios with multiple user accounts.

Supported ruby versions

Tested to work with:

  • Ruby 1.9+

Currently doesn’t support:

  • Ruby 1.8.7

August 11, RC2 released!

The second Release Candidate of CanTango has now been released, version 0.8.0.rc2
We have included two working dummy apps (see spec folder).

  • “dummy” – how to use CanTango in a Rails 3 app without Devise.
  • “devise-dummy” – integration with Devise :)


Should I use CanTango for my permission requirements?


gem install cantango

Usage in a Rails 3 app

Insert into Gemfile

gem 'cantango'

Run bundler to bundle gems in the app

$ bundle

Running the dumy app integration tests

$ bundle

# run dummy app integration specs
$ bundle exec rspec spec/integration

# dun devise dummy integration specs
$ bundle exec rspec spec/devise-integration

We suggest you look at the wiki scenarios and check out the dummy apps to
get a feel for how to integrate CanTango in your app.

Design overview

The CanTango pattern is simple:
1. Return cached rules (if available)
2. Generate rules
3. Cache rules


1. Use cached rules and return if user has cached rules
2. Generate rules for Permits (if ‘Permits engine’ is turned on)
3. Generate rules for Permissions (if ‘Permissions engine’ is turned on)
4. Cache generated rules with unique key for current user (ability candidate)

See CanTango Ability

Rails 3 configuration

See Configuration

Minimal role system requirements

CanTango requires that you have some kind of ‘role system’ in place (see Role system requirement)

Supported role systems

Currently the role system Troles is targeted, but any role system will do with a few minor patches on top

Permission configuration

Permission rules can be defined in:

  • Permission store
  • Permit classes


See Permits

Permissions store

Permission rules can be stored and maintained in a Permissions store
A Permissions store can be either a simple YAML file or a key-value store supported by Moneta

Application configuration for CanTango

  • Define roles that Users can have
  • Define which roles are available
  • Define a Permit for each role.
  • For each Permit, define what Users with a role matching the permit can do


CanTango will be integrated with CanCan REST links, letting you easily control which users have access to which models in your app.

The coming Rails 3 engine
Dancing will likely include a generator that you can use to
configure your Rails app for Devise, CanCan, CanTango and Troles.


See Quickstart guide in the wiki.

We also have a complete setup guide for a simple and a complex permissions scenario.

Define Permits

Permits can be defined for any of the following:

  • Roles
  • Role groups
  • User types (not yet implemented)

In addition you can also define licenses, that are sets of permit rules that can be reused in various role and role group permits.

You can use Generators to generate your permits. All Permit classes should be placed in the app/permits folder of a Rails app.

See Role permits in the wiki.

Account permits

You can limist a Permit to only take effect for a certain account

See Account permits on the wiki

Role group permits

See RoleGroup permits

Advanced permission control

The Permits system uses some special permits System and Any, that can be configured for
advanced permission scenarios as described in the wiki. You also have
other special options available for advanced permission scenarios.

See Advanced Permits


Licenses are named permission sets that can be reused across various permits (like mixins).

See Licenses in the wiki.


The gem comes with the following generators

  • can_tango:install – generate initial configuration files to “install” CanTango in your app
  • can_tango:role_permits – generate multiple permits
  • can_tango:role_permit – generate a single permit
  • can_tango:licenses – generate multiple licenses
  • can_tango:license – generate a single license

See Generators

Note: Some work is still needed on the generators… please help out!

You need help?

Please post ideas, questions etc. in the cantango group on Google.

Bugs, issues or feature request/ideas?

If you encounter bugs, raise an issue or:

  • Fork the project.
  • Make your feature addition or bug fix.
  • Add tests for it. This is important so I don’t break it in a
    future version unintentionally.
  • Commit, do not mess with rakefile, version, or history.
    (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
  • Send me a pull request. Bonus points for topic branches.


  • Kristian Mandrup
  • Main architect
  • Designer of structure
  • Feature ideas
  • Initiator of project
  • Devise app integration specs
  • Stanislaw Pankevich
  • Main contributor of permissions engine
  • Caching of Procs
  • Lots of bug fixes and many specs
  • Tireless worker ;)


Copyright © 2010 Kristian Mandrup. See LICENSE for details.

Something went wrong with that request. Please try again.