- extends CanCan and offers a role oriented permissions design.
- integrates with any Role and Authentication systems in a non-intrusive manner.
- supports multiple user accounts, fx for scenarios with sub applications
- works with multiple Devise users
Supported ruby versions
Tested to work with:
- Ruby 1.9+
Currently doesn’t support:
- Ruby 1.8.7
If you require ruby 1.8.7 support, please patch it and make a pull request ;)
August 17, version 0.8.2 released
Today marks a new CanTango release, version 0.8.2.
Now with Pluggable engines
The project includes two working dummy apps (see spec folder).
- “dummy” – how to use CanTango in a Rails 3 app without Devise.
- “devise-dummy” – integration with Devise :)
Will CanTango meet my Access Control (permission) requirements?
gem install cantango
Usage in a Rails 3 app
Insert into Gemfile
Run bundler to bundle gems in the app
Running the dumy app integration tests
$ bundle # run dummy app integration specs $ bundle exec rspec spec/integration # dun devise dummy integration specs $ bundle exec rspec spec/devise-integration
We suggest you look at the wiki scenarios and check out the dummy apps to
get a feel for how to integrate CanTango in your app.
The CanTango pattern is simple:
1. Return cached rules (if available)
2. Generate rules
3. Cache rules
1. Use cached rules and return if user has cached rules
2. Generate rules for Permits (if ‘Permits engine’ is turned on)
3. Generate rules for Permissions (if ‘Permissions engine’ is turned on)
4. Cache generated rules with unique key for current user (ability candidate)
See CanTango Ability
Rails 3 configuration
Minimal role system requirements
CanTango requires that you have some kind of ‘role system’ in place (see Role system requirement)
Supported role systems
Currently the role system Troles is targeted, but any role system will do with a few minor patches on top
Permission rules can be defined in:
- Permission store
- Permit classes
Application configuration for CanTango
- Define roles that Users can have
- Define which roles are available
- Define a Permit for each role.
- For each Permit, define what Users with a role matching the permit can do
CanTango will be integrated with CanCan REST links, letting you easily control which users have access to which models in your app.
The coming Rails 3 engine
Dancing will likely include a generator that you can use to
configure your Rails app for Devise, CanCan, CanTango and Troles.
See Quickstart guide in the wiki.
We also have a complete setup guide for a simple and a complex permissions scenario.
Permits can be defined for any of the following:
- Role groups
- User types (not yet implemented)
In addition you can also define licenses, that are sets of permit rules that can be reused in various role and role group permits.
You can use Generators to generate your permits. All Permit classes should be placed in the app/permits folder of a Rails app.
See Role permits in the wiki.
You can limist a Permit to only take effect for a certain account
See Account permits on the wiki
Role group permits
Advanced permission control
The Permits system uses some special permits System and Any, that can be configured for
advanced permission scenarios as described in the wiki. You also have
other special options available for advanced permission scenarios.
See Advanced Permits
Licenses are named permission sets that can be reused across various permits (like mixins).
See Licenses in the wiki.
The gem comes with the following generators
- can_tango:install – generate initial configuration files to “install” CanTango in your app
- can_tango:role_permits – generate multiple permits
- can_tango:role_permit – generate a single permit
- can_tango:licenses – generate multiple licenses
- can_tango:license – generate a single license
Note: Some work is still needed on the generators… please help out!
You need help?
Please post ideas, questions etc. in the cantango group on Google.
Bugs, issues or feature request/ideas?
If you encounter bugs, raise an issue or:
- Fork the project.
- Make your feature addition or bug fix.
- Add tests for it. This is important so I don’t break it in a
future version unintentionally.
- Commit, do not mess with rakefile, version, or history.
(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
- Send me a pull request. Bonus points for topic branches.
- Kristian Mandrup
- Main architect
- Designer of structure
- Feature ideas
- Initiator of project
- Devise app integration specs
- Stanislaw Pankevich
- Main contributor of permissions engine
- Caching of Procs
- Lots of bug fixes and many specs
- Tireless worker ;)
Copyright © 2010 Kristian Mandrup. See LICENSE for details.