Are there any gems for authorization?

by Denis '@denyago' Yagofarov, developer at Aejis

Slides: http://denyago.github.io/any-gems-for-authorization

Authentication vs. Authorization

Authentication - Who?

Authorization - Can?

Who acts?

What do we have?

What do I want?

(as a current_user)

  1. Load a collection of models
  2. Authorize an action (create, blow!, etc.)
  3. ... and do it fast!
  4. ... and be happy with the code
  5. ... and not require 'rails'

CanCan

Setup CanCan

Use CanCan

CanCan is good

CanCan is bad

Heimdallr

Setup Heimdallr

Use Heimdallr

Heimdallr is good

#<Heimdallr::Proxy::Record: #<User id: 42, name: "42th User">>

Heimdallr is bad

:trollface:

Compare CanCan and Heimdallr

Comparison results

Rehearsal ----------------------------------------------------------
CanCan:                  0.200000   0.010000   0.210000 (  0.209705)
Heimdallr:               0.470000   0.000000   0.470000 (  0.500858)
Heimdallr (insecure):    0.210000   0.000000   0.210000 (  0.220875)
------------------------------------------------- total: 0.890000sec

                             user     system      total        real
CanCan:                  0.200000   0.010000   0.210000 (  0.207055)
Heimdallr:               0.450000   0.000000   0.450000 (  0.456898)
Heimdallr (insecure):    0.190000   0.000000   0.190000 (  0.235545)
  

Authority

Declarative Authorization

Still no perfect gems for authorization.

Thank you!

Examples are available at denyago/auithorization-gems-example