Protector::Cancan
Integrates Protector and CanCan.
Protector and CanCan are both about the same thing: access control. They act on different fronts, however: Protector works at the model level, while CanCan defends controllers. With this gem you don't have to choose anymore: make them work together for the best result.
The integration makes CanCan aware of Protector restrictions. You can still have a separate Ability instance and even extend (or override) what comes from Protector.
Additionally, CanCan will automatically restrict instances with current_user during the load_resource part.
Installation
You are expected to have generated a CanCan ability by this point. If you haven't, follow the CanCan installation tutorial to make one.
Add this line to your application's Gemfile:
gem 'protector-cancan'
And then execute:
$ bundle
Now modify your Ability definition in the following way:
class Ability
  include CanCan::Ability

  def initialize(user)
    import_protector user # <- add this
  end
end
Example
For the case when you have the following model defined:
class Dummy < ActiveRecord::Base
  protect do |user|
    can :read if user
  end
end
If you call can? :view, Dummy, the gem will evaluate the Dummy protection block against the value passed to import_protector (by default it's current_user) and expand the CanCan rules with the resulting meta. Note that the gem automatically converts :read to :view, so you should use CanCan naming conventions when working with CanCan.
So in this particular case we will get true if current_user is set and false otherwise.
And this is how the controller is going to work:
class DummiesController < ApplicationController
  # CanCan's class-level macro: loads the resource and authorizes every action
  load_and_authorize_resource

  def index # Will be accessible if current_user isn't blank
    @dummies # => Dummy.restrict!(current_user)
  end

  def show # Will be accessible if current_user isn't blank
    @dummy # => Dummy.find(params[:id]).restrict!(current_user)
  end
end
Maintainers
- Boris Staal, @inossidabile
License
It is free software, and may be redistributed under the terms of the MIT license.