Rails CanCan
CanCan is an authorization library for Ruby on Rails which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries. Installation In Rails 3 , add this to your Gemfile and run the bundle command. gem "cancan" In Rails 2 , add this to your environment.rb file. config.gem "cancan" Alternatively, you can install it as a plugin. rails plugin install git://github.com/ryanb/cancan.git Getting Started CanCan expects a current_user method to exist in the controller. First, set up some authentication (such as Authlogic or Devise ). See Changing Defaults if you need different behavior. 1. Define Abilities User permissions are defined in an Ability class. CanCan 1.5 includes a Rails 3 generator for creating this class. rails g cancan:ability In Rails 2.3, just add a new class in `app/models/ability.rb` with