目的

Deviseでユーザー認証を行い、CanCanで権限管理をする。
権限は、管理者、登録者、歌詞閲覧

参考

https://github.com/ryanb/cancan/wiki/Defining-Abilities

http://blog.udzura.jp/2012/01/12/lovely-authorization-with-cancan/
http://asciicasts.com/episodes/192-authorization-with-cancan
http://d.hatena.ne.jp/dimros/20110326/1301145073

インストール

Gemfileに追記

# Authentication
gem 'cancan'

gemをインストール

bundle install

CanCan設定

rails g cancan:ability

ロールを追加

attr_accessible :role
module Roles
  ADMIN = "admin"
  REGISTER = "register"
  LYRICS_VIEWER = "lyrics_viewer"
end

追加するとこんな感じ

• app/models/user.rb

class User < ActiveRecord::Base
  module Roles
    ADMIN = "admin"
    REGISTER = "register"
    LYRICS_VIEWER = "lyrics_viewer"
  end

  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :rememberable, :trackable, :validatable,
         :authentication_keys => [:user_id]

  # Setup accessible (or protected) attributes for your model
  attr_accessible :user_name, :user_id, :email, :password, :password_confirmation, :remember_me, :role
  # attr_accessible :title, :body

  def email_required?
    false
  end
end

Usersテーブルにroleを追加

rails g migration add_role_to_users role:string

マイグレーション

rake db:migrate

• app/models/ability.rb

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.role == User::Roles::ADMIN
      can :manage, :all
    else
      can :read, :all
    end
  end
end

初期ユーザー(管理者)を作成

• db/seeds.rb

# -*- coding: utf-8 -*-

unless User.find_by_user_id("admin")
  # ユーザーID : admin
  # パスワード : ********
  User.create(:user_name => "管理者", :user_id => "admin", :role => "admin", :password => "********")
end

db:seedを実行

rake db:seed