upmin / upmin-admin-ruby

Framework for creating powerful admin backends with minimal effort in Ruby on Rails.
MIT License

Create Example of Using CanCan for Authorization to Upmin #144

Open SingleShot opened 9 years ago

SingleShot commented 9 years ago

It is unclear to me how I would use CanCan to authorize access to Upmin. I tried a few things but was unable to figure it out. It would be nice if there were an example of doing this. Thanks.

joncalhoun commented 9 years ago

I will try to get a quick guide set up for this tomorrow. Didn't get a chance to do it today.

SingleShot commented 9 years ago

I am not blocked by any means so please don't feel you need to react immediately. I will monitor this issue. Thanks.

Ch4s3 commented 9 years ago

Would it make more sense to target CanCanCan specifically since CanCan is no longer maintained?

SingleShot commented 9 years ago

That makes sense. I was looking for a popular authz framework and CanCan came up. I do suspect the configuration for CanCan and CanCanCan will be very similar if not identical.

Ch4s3 commented 9 years ago

Yeah, it should be 90+% the same for now. It might be good to drive people to CanCanCan though, as I suspect the now defunct CanCan may have issues with upcoming Rails versions.

Do you need help with the docs on this?

joncalhoun commented 9 years ago

I can look into both, but agree the main focus should probably be on CanCanCan. I'll probably just put little side notes for what is different in CanCan.

@SingleShot if you are just looking for a good auth framework, Devise is pretty solid and really simple to use with mountable engines (which Upmin is).

joncalhoun commented 9 years ago

@Ch4s3 I have never used CanCanCan, so if you want to write up the docs fast it would help. My assumption is that either:

  1. CanCanCan supports something like Devise does, where you can simply add authentication on the routes (see the docs on auth), or
  2. You will need to create a local copy of the Upmin Application Controller in your app at app/controllers/upmin/application_controller.rb and add the CanCanCan filters.

Ch4s3 commented 9 years ago

Yeah, you would need to pull down the controller and add an authorization method, and set up a permissions file.

I can write up something in the next couple of days. I use upmin, but have never run it from source, so I'll have to do that first. I may also roll a quick test app to make sure it works too.

joncalhoun commented 9 years ago

@Ch4s3 You don't need to run it from source. If you copy the controller I linked you and just add it inside of your Rails app under that folder, the engine will use your file over its local copy. All engines work this way (as far as I can tell), making it super easy to override things.

SingleShot commented 9 years ago

@joncalhoun - thanks for the Devise recommendation. I am using that for authentication, but I want to use CanCan(Can) for authorization.

joncalhoun commented 9 years ago

@SingleShot Can you check out the following files to tell me if they roughly do what you are looking for? I just want to make sure we are on the same page before writing up docs.

Restricting upmin to just admins via cancan: https://github.com/upmin/store_demo/blob/cancancan_devise/app/controllers/upmin/application_controller.rb

Only show admin link to admins via cancan: https://github.com/upmin/store_demo/blob/cancancan_devise/app/views/static/index.html.haml#L5

demo ability model to make this work: https://github.com/upmin/store_demo/blob/cancancan_devise/app/models/ability.rb
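
A sketch of the approach discussed in this thread (an ability model plus a check in a local copy of the Upmin application controller), added here as an example; it is not code from upmin or from the linked store_demo files. The `User` struct, its `admin` flag, and the `:access` / `:upmin` rule names are assumptions, and a small stand-in for `CanCan::Ability` is defined when the cancancan gem is not installed so the check can be run outside Rails.

```ruby
# Added example, not upmin or store_demo code. Runs without Rails: if the
# cancancan gem is absent, a minimal stand-in for CanCan::Ability is defined.
begin
  require "cancan"
rescue LoadError
  module CanCan
    class AccessDenied < StandardError; end
    module Ability
      def can(action, subject)
        (@rules ||= []) << [action, subject]
      end

      def can?(action, subject)
        (@rules || []).any? { |a, s| a == action && s == subject }
      end

      def authorize!(action, subject)
        raise AccessDenied, "not authorized" unless can?(action, subject)
        subject
      end
    end
  end
end

User = Struct.new(:email, :admin) # hypothetical user model with an admin flag

class Ability
  include CanCan::Ability

  def initialize(user)
    # Deny by default: signed-out (nil) and non-admin users get no rules.
    can :access, :upmin if user && user.admin # :access/:upmin are made-up names
  end
end

# The check a before_action in your local copy of
# app/controllers/upmin/application_controller.rb would perform, e.g.
#   before_action { authorize! :access, :upmin }
def upmin_allowed?(user)
  Ability.new(user).authorize!(:access, :upmin)
  true
rescue CanCan::AccessDenied
  false
end
```

In a real controller, `rescue_from CanCan::AccessDenied` is the usual place to turn a denial into a redirect or a 403 response.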