![](\"http:\/\/fury-badge.herokuapp.com\/rb\/cancan.png\"){kind=icon}
}[http:\/\/badge.fury.io\/rb\/cancan] {![](\"http:\/\/secure.travis-ci.org\/ryanb\/cancan.png?branch=master\")
}[http:\/\/travis-ci.org\/ryanb\/cancan] {![](\"http:\/\/codeclimate.com\/github\/ryanb\/cancan.png\")
}[https:\/\/codeclimate.com\/github\/ryanb\/cancan]<\/p>\n= CanCan {}[http:\/\/badge.fury.io\/rb\/cancan] {}[http:\/\/travis-ci.org\/ryanb\/cancan] {}[https:\/\/codeclimate.com\/github\/ryanb\/cancan]<\/p>\n
Wiki[https:\/\/github.com\/ryanb\/cancan\/wiki] | RDocs[http:\/\/rdoc.info\/projects\/ryanb\/cancan] | Screencast[http:\/\/railscasts.com\/episodes\/192-authorization-with-cancan]<\/p>\n
CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the +Ability+ class) and not duplicated across controllers, views, and database queries.<\/p>\n
== Installation<\/p>\n
In Rails 3<\/b>, add this to your Gemfile and run the +bundle+ command.<\/p>\n
gem \u201ccancan\u201d<\/p>\n
In Rails 2<\/b>, add this to your environment.rb file.<\/p>\n
config.gem \u201ccancan\u201d<\/p>\n
Alternatively, you can install it as a plugin.<\/p>\n
rails plugin install git:\/\/github.com\/ryanb\/cancan.git<\/p>\n
== Getting Started<\/p>\n
CanCan expects a +current_user+ method to exist in the controller. First, set up some authentication (such as Authlogic[https:\/\/github.com\/binarylogic\/authlogic] or Devise[https:\/\/github.com\/plataformatec\/devise]). See {Changing Defaults}[https:\/\/github.com\/ryanb\/cancan\/wiki\/changing-defaults] if you need different behavior.<\/p>\n
=== 1. Define Abilities<\/p>\n
User permissions are defined in an +Ability+ class. CanCan 1.5 includes a Rails 3 generator for creating this class.<\/p>\n
rails g cancan:ability<\/p>\n
In Rails 2.3, just add a new class in class Ability include CanCan::Ability<\/p>\n end<\/p>\n See {Defining Abilities}[https:\/\/github.com\/ryanb\/cancan\/wiki\/defining-abilities] for details.<\/p>\n === 2. Check Abilities & Authorization<\/p>\n The current user\u2019s permissions can then be checked using the can? and cannot? methods in the view and controller.<\/p>\n See {Checking Abilities}[https:\/\/github.com\/ryanb\/cancan\/wiki\/checking-abilities] for more information<\/p>\n The authorize! method in the controller will raise an exception if the user is not able to perform the given action.<\/p>\n def show @article = Article.find(params[:id]) authorize! :read, @article end<\/p>\n Setting this for every action can be tedious, therefore the +load_and_authorize_resource+ method is provided to automatically authorize all actions in a RESTful style resource controller. It will use a before filter to load the resource into an instance variable and authorize it for every action.<\/p>\n class ArticlesController < ApplicationController load_and_authorize_resource<\/p>\n end<\/p>\n See {Authorizing Controller Actions}[https:\/\/github.com\/ryanb\/cancan\/wiki\/authorizing-controller-actions] for more information.<\/p>\n === 3. Handle Unauthorized Access<\/p>\n If the user authorization fails, a CanCan::AccessDenied exception will be raised. You can catch this and modify its behavior in the +ApplicationController+.<\/p>\n class ApplicationController < ActionController::Base rescue_from CanCan::AccessDenied do |exception| redirect_to root_url, :alert => exception.message end end<\/p>\n See {Exception Handling}[https:\/\/github.com\/ryanb\/cancan\/wiki\/exception-handling] for more information.<\/p>\n === 4. Lock It Down<\/p>\n If you want to ensure authorization happens on every action in your application, add +check_authorization+ to your ApplicationController.<\/p>\n class ApplicationController < ActionController::Base check_authorization end<\/p>\n This will raise an exception if authorization is not performed in an action. If you want to skip this add +skip_authorization_check+ to a controller subclass. See {Ensure Authorization}[https:\/\/github.com\/ryanb\/cancan\/wiki\/Ensure-Authorization] for more information.<\/p>\n == Wiki Docs<\/p>\n == Questions or Problems?<\/p>\n If you have any issues with CanCan which you cannot find the solution to in the documentation[https:\/\/github.com\/ryanb\/cancan\/wiki], please add an {issue on GitHub}[https:\/\/github.com\/ryanb\/cancan\/issues] or fork the project and send a pull request.<\/p>\n To get the specs running you should call +bundle+ and then +rake+. See the {spec\/README}[https:\/\/github.com\/ryanb\/cancan\/blob\/master\/spec\/README.rdoc] for more information.<\/p>\n == Special Thanks<\/p>\n CanCan was inspired by declarative_authorization[https:\/\/github.com\/stffn\/declarative_authorization\/] and aegis[https:\/\/github.com\/makandra\/aegis]. Also many thanks to the CanCan contributors[https:\/\/github.com\/ryanb\/cancan\/contributors]. See the CHANGELOG[https:\/\/github.com\/ryanb\/cancan\/blob\/master\/CHANGELOG.rdoc] for the full list.<\/p>\n","protected":false},"excerpt":{"rendered":" = CanCan {}[http:\/\/badge.fury.io\/rb\/cancan] {}[http:\/\/travis-ci.org\/ryanb\/cancan] {}[https:\/\/codeclimate.com\/github\/ryanb\/cancan] Wiki[https:\/\/github.com\/ryanb\/cancan\/wiki] | RDocs[http:\/\/rdoc.info\/projects\/ryanb\/cancan] | Screencast[http:\/\/railscasts.com\/episodes\/192-authorization-with-cancan] CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the +Ability+ class) and not duplicated across controllers, views, and database queries. == Installation In Rails 3, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7562","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/7562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=7562"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/7562\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=7562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=7562"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=7562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}app\/models\/ability.rb<\/code> with the following contents:<\/p>\ndef initialize(user)\nend\n<\/code><\/pre>\ndef show\n # @article is already loaded and authorized\nend\n<\/code><\/pre>\n