Rails Authorization plugins

We are evaluating authorization plugins for rails and I wanted to
address the group for some feedback.

The two we are looking at are: cancan by Ryan Bates and
declarative_authorization.

If anyone has used either of these and can give me some feedback on
how they have worked out for you that would be great! We would be
using one of these in conjunction with the restul_auth plugin btw.

One monkey wrench our project throws in to the mix is that we have a
multiple database
per customer model so I'm aware we'll need to make some changes to the
plugin in order
to make it fit. So if you have customized either of the plugins I
would like how easy / difficult that was.

The two we are looking at are: cancan by Ryan Bates and
declarative_authorization.

I had the same candidates recently and decided to use CanCan. I think
that they are very similar in spirit, declarative_authorization is far
more elaborate and consequently more complex. CanCan is much simpler. As
I don't need more than CanCan provides, I went with it.

If you need model-based security over and above resource/controller-
based checks, than declarative_authorization is the way to go.

We would be
using one of these in conjunction with the restul_auth plugin btw.

Have you had a look at authlogic for comparison?

Michael

I'm using declarative_authorization and I like it a lot.
Also, +1 to authlogic instead of restful_authentication.

jmamma wrote:

We are evaluating authorization plugins for rails and I wanted to
address the group for some feedback.

The two we are looking at are: cancan by Ryan Bates and
declarative_authorization.

I've never used either of these, but I've been working with DocSavage's
rails_authorization plugin. It's OK, but declarative_authorization
looks like the same thing done a little better IIRC.

If anyone has used either of these and can give me some feedback on
how they have worked out for you that would be great! We would be
using one of these in conjunction with the restul_auth plugin btw.

Please, please, *do not* use restful_auth. It may seem easier now, but
in a month you'll regret it as you will have a User model full of
unmaintainable generated crap. I echo other posters who recommend
Authlogic instead.

Best,