Cannibal: A simple Object permissions framework for Ruby


I’m proud to announce that we’re releasing one of our newer frameworks into the open-source community – specifically under the Simplified BSD License.

Cannibal is a permissions framework for object-to-object declaration and querying of permissions or capabilities. It is distributed as a standard gem library through You can also view the source-code at github.

So far, Cannibal has done reasonably well for us on various projects. It’s syntax could use some improvement but we believe it’s fairly expressive as it is – if you have suggestions for improvements, please write!

Basically you declare a class as either an Actor, or a Subject, or both. You do this by including the appropriate Cannibal mix-in:

class User < ActiveRecord::Base
    include Cannibal::Actor

class Thing < ActiveRecord::Base
    include Cannibal::Subject

Then you declare permissions for your Subjects. For example, if you want any User to be able to view any Thing object, but only want users with the “Administrator” role to be able to edit them, you might declare that like this:

class Thing < ActiveRecord::Base
    include Cannibal::Subject
    allow User, :view
        :actor => User,
        :verb => :edit,
        :actor_proc =>{ |user|
            user.role == 'Administrator'

Once declared permissions are easy to query, and read very well:

if @user.can? :edit, @thing

As you can see the permissions() method on Subject is still a bit ugly, and is the main reason for the < 1.0 release number. I’m definitely open to suggestions on improving its syntax.

Testing coverage is not bad, though there is some duplication between our rspec tests and our cucumber tests, and there’s a ton of refactoring yet to be done, but it’s working on a couple pet projects of mine and will be going into production for a customer project or two within the next couple weeks.

Enjoy 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s