We’ve been using CanCan for Rails Authorization on most projects for a few years now. When upgrading an internal application to Rails 4, I discovered that CanCan does not play well with strong parameters. There are some patches to make things work, but they didn’t feel right. Also, CanCan hasn’t been given much love recently; …