https://github.com/CanCanCommunity/cancancan

The authorization Gem for Ruby on Rails.
https://github.com/CanCanCommunity/cancancan

Keywords

authorization cancancan rails

Keywords from Contributors

activerecord activejob mvc rspec rubygems rubocop devise grape static-code-analysis code-formatter

Last synced: about 19 hours ago
JSON representation

Repository metadata

The authorization Gem for Ruby on Rails.

Host: GitHub
URL: https://github.com/CanCanCommunity/cancancan
Owner: CanCanCommunity
License: mit
Created: 2014-02-19T18:26:23.000Z (almost 12 years ago)
Default Branch: develop
Last Pushed: 2025-01-27T07:26:12.000Z (11 months ago)
Last Synced: 2025-12-06T18:41:20.368Z (4 days ago)
Topics: authorization, cancancan, rails
Language: Ruby
Homepage:
Size: 3.54 MB
Stars: 5,669
Watchers: 94
Forks: 642
Open Issues: 88
Releases: 9
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE

CanCanCan

Developer guide |
RDocs |
Screencast 1 |
Screencast 2

CanCanCan is an authorization library for Ruby and Ruby on Rails which restricts what
resources a given user is allowed to access.

All permissions can be defined in one or multiple ability files and not duplicated across controllers, views,
and database queries, keeping your permissions logic in one place for easy maintenance and testing.

It consists of two main parts:

Authorizations library that allows you to define the rules to access different objects,
and provides helpers to check for those permissions.
Rails helpers to simplify the code in Rails Controllers by performing the loading and checking of permissions
of models automatically and reduce duplicated code.

Our sponsors

Do you want to sponsor CanCanCan and show your logo here?
Check our Sponsors Page.

Head to our complete Developer Guide to learn how to use CanCanCan in details.

Installation

Add this to your Gemfile:

gem 'cancancan'

and run the bundle install command.

Define Abilities

User permissions are defined in an Ability class.

rails g cancan:ability

Here follows an example of rules defined to read a Post model.

class Ability
  include CanCan::Ability

  def initialize(user)
    can :read, Post, public: true

    return unless user.present?  # additional permissions for logged in users (they can read their own posts)
    can :read, Post, user: user

    return unless user.admin?  # additional permissions for administrators
    can :read, Post
  end
end

Check Abilities

The current user's permissions can then be checked using the can? and cannot? methods in views and controllers.

<% if can? :read, @post %>
  <%= link_to "View", @post %>
<% end %>

Fetching records

One of the key features of CanCanCan, compared to other authorization libraries,
is the possibility to retrieve all the objects that the user is authorized to access.
The following:

  @posts = Post.accessible_by(current_ability)

will use your rules to ensure that the user retrieves only a list of posts that can be read.

Controller helpers

The authorize! method in the controller will raise an exception if the user is not able to perform the given action.

def show
  @post = Post.find(params[:id])
  authorize! :read, @post
end

Setting this for every action can be tedious, therefore the load_and_authorize_resource method is provided to
automatically authorize all actions in a RESTful style resource controller.
It will use a before action to load the resource into an instance variable and authorize it for every action.

class PostsController < ApplicationController
  load_and_authorize_resource

  def show
    # @post is already loaded and authorized
  end

  def index
    # @posts is already loaded with all posts the user is authorized to read
  end
end

Documentation

Head to our complete Developer Guide to learn how to use CanCanCan in details.

Questions?

If you have any question or doubt regarding CanCanCan which you cannot find the solution to in the
documentation, please
open a question on Stackoverflow with tag
cancancan

Bugs?

If you find a bug please add an issue on GitHub or fork the project and send a pull request.

Development

CanCanCan uses appraisals to test the code base against multiple versions
of Rails, as well as the different model adapters.

When first developing, you need to run bundle install and then bundle exec appraisal install, to install the different sets.

You can then run all appraisal files (like CI does), with appraisal rake or just run a specific set DB='sqlite' bundle exec appraisal activerecord_5.2.2 rake.

If you'd like to run a specific set of tests within a specific file or folder you can use DB='sqlite' SPEC=path/to/file/or/folder bundle exec appraisal activerecord_5.2.2 rake.

If you use RubyMine, you can run RSpec tests by configuring the RSpec configuration template like this:

See the CONTRIBUTING for more information.

Special Thanks

Thanks to our Sponsors and to all the CanCanCan contributors.
See the CHANGELOG for the full list.

Owner metadata

Name: CanCanCommunity
Login: CanCanCommunity
Email:
Kind: organization
Description:
Website:
Location:
Twitter:
Company:
Icon url: https://avatars.githubusercontent.com/u/6765080?v=4
Repositories: 5
Last ynced at: 2023-08-14T12:20:35.997Z
Profile URL: https://github.com/CanCanCommunity

GitHub Events

Total

Issues event: 6
Watch event: 102
Issue comment event: 23
Push event: 1
Pull request review event: 2
Pull request event: 8
Fork event: 9
Create event: 1

Last Year

Issues event: 6
Watch event: 75
Issue comment event: 21
Push event: 1
Pull request review event: 1
Pull request event: 7
Fork event: 9
Create event: 1

Committers metadata

Last synced: 4 days ago

Total Commits: 1,027
Total Committers: 230
Avg Commits per committer: 4.465
Development Distribution Score (DDS): 0.759

Commits in past year: 1
Committers in past year: 1
Avg Commits per committer in past year: 1.0
Development Distribution Score (DDS) in past year: 0.0

Name	Email	Commits
Ryan Bates	r**n@r**m	248
Alessandro Rodi	a**i@r**h	203
Bryan Rite	b**n@b**m	117
Alex Ghiculescu	a**x@t**o	29
Tad Thorley	p**x@g**m	26
Richard Wilson	r**d@f**m	25
Mani Tadayon	b**r@g**m	13
Nick Flueckiger	n**r@r**h	12
Craig Chamberlain	c**g@a**k	10
Sokolov Yura	f**n@g**m	8
Yura Sokolov	y**a@y**)	7
Benoit Daloze	e**p@g**m	6
Carlos Figueiredo	c**7@g**m	6
Vladimir Kochnev	h**e@y**u	5
Jon Kinney	j**y@g**m	5
matthiasfehr	m**r@r**h	4
Lukas Bischof	l**f@r**h	4
Sergei Smagin	s**0@g**m	4
Olle Jonsson	o**n@g**m	4
John Hawthorn	j**n@g**m	4
Anuj Dutta	a**j@a**m	4
Anthony Ross	a**s@g**m	4
Andrew Marshall	a**w@j**m	4
Alexander Popov	a**r@g**m	4
Stephen Pike	s**e@s**t	4
stellard	s**d@g**m	3
Serj L	g**r@g**m	3
Emmanuel Gomez	e**z@g**m	3
Dmytro Piliugin	d**n@g**m	3
Nicolás Hock Isaza	n**i@g**m	3
and 200 more...

Committer domains:

Issue and Pull Request metadata

Last synced: 5 days ago

Total issues: 65
Total pull requests: 122
Average time to close issues: 6 months
Average time to close pull requests: 6 months
Total issue authors: 59
Total pull request authors: 68
Average comments per issue: 2.52
Average comments per pull request: 1.48
Merged pull request: 54
Bot issues: 0
Bot pull requests: 6

Past year issues: 6
Past year pull requests: 11
Past year average time to close issues: about 5 hours
Past year average time to close pull requests: N/A
Past year issue authors: 6
Past year pull request authors: 6
Past year average comments per issue: 0.5
Past year average comments per pull request: 0.55
Past year merged pull request: 0
Past year bot issues: 0
Past year bot pull requests: 2

More stats: https://issues.ecosyste.ms/repositories/lookup?url=https://github.com/CanCanCommunity/cancancan

Top Issue Authors

23tux (3)
heaven (2)
afn (2)
walterdavis (2)
owst (2)
Fryie (1)
fcheung (1)
oboxodo (1)
niuage (1)
acesuares (1)
mathieujobin (1)
michaelcohenunsw (1)
gryphon (1)
pre (1)
jglauche (1)

Top Pull Request Authors

coorasse (13)
0llirocks (6)
dependabot[bot] (6)
ghost (5)
pandermatt (4)
entei (3)
CuddlyBunion341 (3)
tardate (2)
mishina2228 (2)
takayamaki (2)
kaspernj (2)
mark-young-atg (2)
ghiculescu (2)
mswiszcz (2)
fynsta (2)

Top Issue Labels

bug (5)
gist needed (2)
need help (2)
investigating (2)
waiting for feedback (2)
next major release (1)
question (1)

Top Pull Request Labels

dependencies (6)
javascript (6)
waiting for feedback (5)
next minor release (4)
new feature (3)
enhancement (2)
investigating (2)
bug (1)
need help (1)
code review (1)
next major release (1)

Package metadata

Total packages: 4
Total downloads:
- rubygems: 167,806,736 total
Total docker downloads: 1,091,504
Total dependent packages: 179 (may contain duplicates)
Total dependent repositories: 17,923 (may contain duplicates)
Total versions: 116
Total maintainers: 1

gem.coop: cancancan

Simple authorization solution for Rails. All permissions are stored in a single location.

Homepage: https://github.com/CanCanCommunity/cancancan
Documentation: http://www.rubydoc.info/gems/cancancan/
Licenses: MIT
Latest release: 3.6.1 (published over 1 year ago)
Last Synced: 2025-12-08T11:34:55.830Z (2 days ago)
Versions: 42
Dependent Packages: 0
Dependent Repositories: 0
Downloads: 83,890,341 Total
Docker Downloads: 545,752
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Downloads: 0.318%
- Average: 0.451%
- Docker downloads count: 1.485%
Maintainers (1)
- coorasse
Funding:
- https://github.com/sponsors/coorasse

rubygems.org: cancancan