Skip to content

HowTo: Devise Cancan Authentication Authorization

Andrew vonderLuft edited this page Aug 26, 2023 · 1 revision

Reuse Devise ( Authentication with gem 'devise') and CanCan (Authorization with gem 'cancan') for access control :

in lib/my_app/devise_auth.rb

module MyApp::DeviseAuth
  def authenticate
    if current_user
      ability = Ability.new(current_user)
      return true if ability.can?(:manage, "Cms::Site")
      raise CanCan::AccessDenied
    else
      scope = Devise::Mapping.find_scope!(:user)
      session["#{scope}_return_to"] = new_cms_admin_site_path(:locale => I18n.locale) # if localized...
      redirect_to admin_sign_in_path
    end
  end
end

In config/initializers/occams.rb

  config.admin_auth = 'MyApp::DeviseAuth'

In models/ability.rb

def initialize(user)
  alias_action :index, :show, :to => :read
  alias_action :create, :update, :to => :manage

  # define user abilities here ....
  user ||= User.new
  ...
  if user.has_role? :admin
    can [:read, :manage], "Cms::Site"