Continuing work on our favorite Rails authorization library

As many of you have read, I am announcing the CanCanCan project, a continuation of the popular Rails gem CanCan. This effort is a collaboration of the CanCan community continuing Ryan Bates’ excellent work to date. This article is intended to serve as the release announcement as well as talk about the direction for the CanCan(Can) Community… but first, a little background:

Here at Mojo Lingo, we help our clients build a lot of great applications, relying on all sorts of open source software. I do a lot of Rails work for the APIs and front ends of the telephony and real-time communication applications that we build everyday and utilize Ruby and Rails’ rich community of open source projects to make a lot of what I do possible.

One of my favourite gems I tend to reach for on every project is CanCan, an authorization library authored by Ryan Bates (of Railscasts fame among other things). CanCan provides a simple and powerful way to describe and enforce access rules in your controllers. From a simple blog to a vast, multi-tenanted, service oriented application, CanCan has been with me through it all and made my life much easier in the process.

Within the last year, Ryan announced on Railscasts that he was taking a (much deserved) hiatus and since then, CanCan has seen minimal to no updates. The community has been incredibly helpful, providing a multitude of pull requests to fix and enhance various issues, including Rails 4 and Strong Parameter support, but without Ryan at the helm to merge these in and release new versions of CanCan, most of these developers are sticking to their own various forks and the community becomes fragmented.

To give back to a community that has supported and helped me so much, and hopefully with Ryan’s blessing, I have begun to maintain a continuation of CanCan. After lengthy conversations, we decided to release CanCanCan version 1.7.0!

Our Mission

CanCanCan is a drop in replacement for CanCan. Only the gem name in your Gemfile should need to change:

gem 'cancan'

becomes

gem 'cancancan', '~> 1.7'

There are no changes to the namespace or declarations.

For the next bit I will be focusing on the 1.x branch, ensuring it is up to date, supports Rails 3 and 4, and continues to receive security fixes and optimizations. CanCanCan has also been expanded to support JRuby, Rubinius and MRI 2+, while continuing support for MRI 1.8 and 1.9.

Afterwards, I will begin to look into the 2.x branch and try to understand what improvements and refinements Ryan was attempting and how, before moving forward with it.

Since it began, CanCan has always had a supportive and engaged community of users. I hope that some of you can find your way over to CanCanCan to help us maintain and enhance such a great library.