as some of you might have read, the topic authentication and
authorization came up again on Github recently . There has been
some short comments on this on this list in last June .
So what is it about? The de facto standards for the two concepts in
Rails are Devise [3,4] and CanCan [5,6]. The question is, if we want
to replace authn/z in Foodsoft by the two modules.
What would we gain? From my point of view all the advantages of code
reuse, which among others include:
* profit from the open source community
* contribute to the community
* increase security
* less long-term maintenance
The main drawback I can see is the probably high short-term
implementation effort without any user-visible changes.
Nevertheless I would vote for the change because of the mentioned
Let us try to find a decision which everyone can support. Please share
your opinion on the list and maybe even repeat what you've written before.
Thanks for bringing this up again. I would love to see this happen.
Additional pros are (probably) less and cleaner code in foodsoft, easier
for new developers because of familiarity, and some features I'd like to
see are then much easier - like email confirmation and single sign-on.
It would indeed require some investment, but I think it is worth it in
the long run.
My current priority is on usability, but I'd be willing to contribute to
this on the side.