0

I am playing around with Mongoid (NoMySQL Database), DEVISE and CANACN

I have read the manual (https://github.com/ryanb/cancan/wiki/Role-Based-Authorization), but I dont wanna use the "roleMask"-calculation. I wanna use an Array (or Hash) -field instead, containing the roles of a user.

class User
  include Mongoid::Document
  field :email, :type => String, :null => false
  field :roles, :type => Array, default: -> { ['User'] if new_record?}

Is this possible in any way? And when yes, how? :-)

many thanks in advance

Jan
  • 12,992
  • 9
  • 53
  • 89

1 Answers1

3

Cancan doesn't really care how your roles work - your ability file is pure ruby so the logic is entirely up to you. For example you might have this in your ability:

can :manage, Product

If you want to restrict this to users whose roles array contains a certain value then you could do

if user.roles.include?('Admin')
  can :manage, Product
end

Since your ability is just a ruby class you can do pretty much anything that you can express in ruby.

There are multiple ways of dealing with inheritance, two are outlined in the cancan wiki.

One way involves changing how you check for a role: if you had an admin? method, then instead of just checking for the presence of the admin role it would also check for the presence of any other roles that should inherit all of that access.

Another way is to split your ability file into methods named after the role, for example all the statements for the editor role would be in the editor method, the manager method contains all the statements for the manager role etc. If for example managers need to inherit the access an editor has then call the editor method from manager.

Frederick Cheung
  • 83,189
  • 8
  • 152
  • 174