I think it’s safe to assume that Lockdown will not be compatible with Rails 3.0 and since I have yet to find an authorization system with the same centralized rules philosophy, I need to make a drastic change.
Unless someone finds a critical bug, I will not be maintaining Lockdown. There will be a new (as yet to be named) project.
Why the big change? The first version of Lockdown was written for a pre-1.0 Rails application. Over time, it has been through a lot of refactoring, two major ones. Even having done that, there is still code that was written when I was first learning Ruby and was heavily influenced by my years as a Java programmer. I think it can be a lot cleaner/simpler.
The new project will be Rack-based to adapt easily to future changes and make it easier for Sinatra integration. I have been doing a lot of work with Sinatra lately and only see this increasing.
I’m not sure about the model-level restrictions. I am not, nor was I ever, happy with the model-level restriction functionality in Lockdown. Using it wasn’t intuitive and its implementation lacks intelligence. I’m not calling anyone out here, I wrote it and I think it sucks.
The idea of a centralized rule file will still exist in the new project. Therefore, converting your existing Lockdown-based app to the new authorization system will only require a conversion of init.rb. I will be simplifying the DSL similar to this suggestion.
Unlike Lockdown, testing and documentation will be of equal importance to the code itself.
If you want to keep up to date with the progress, please follow me on Twitter. I don’t tweet a lot of non-tech noise.
To those who use Lockdown, thank you! The next project will be better.

Comments
centralized rules philosophy
have you tried aegis?
http://www.makandra.de/#aegis