We are evaluating plugins for Authorization in Rails. The two at the top of our list are cancan and declarative_authorization.
I would like to get some feedback from anyone currently using either of these plugins.
The problem we are going to face with any authorization plugin is that we have a database per customer model and will need to modify the plugin to work within that model. Because of this fact I'm interested in hearing from anyone who has had to tweak the plugins at all as well.
I'm just starting to look around at the code. It seems like cancan might be a little easier to customize.
Any thoughts?
I ended up using declarative_authorization. Now it seems that auth_logic is where the community is headed.
declarative_auth would have been really simple if it wasn't for our apps multi-tennant db model. I had to modify the source a bit to make it all work, but it wasn't too tough to do, and I was pretty green when I started this project.
It seems like you really can't go wrong with any of the solutions. cancan seemed cool too but it would have needed more mods for what I was doing so I decided against it.
Its written by Ryan Bates though which is cool. Love rails casts! :)
I know this post is old but I figured I'll update any because you never know.