I am building internal project management software (à la Basecamp) that will be for our internal and external use. I am struggling to find the best strategy for doing advanced permissions though.
Like Basecamp, there will be a number of clients, with a number of projects under them. I want to be able to assign each user different viewing rights to each client and project, which will dictate who can see what. Basically, an admin should be able to say "this user can see these 4 projects", and then when that user logs in, they are presented with those 4.
I am using CanCan for overall permissions, but this does not appear to be able to assign in the way I need. I've looked at role_model, cantango, etc. but can't find a use case that fits exactly what I am trying to do, even though it seems quite standard.
Any insight here?
Thanks!
Edit:
It has obviously occurred to me to just do a permissions table (described here: How to create a basic User Permissions per project association?). I struggle with a) is this the best way? and more importantly b) what is the best way to check permissions in the app and only show allowed data?
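The permissions-table idea from the edit above, sketched as an added example that is not part of the original post: plain Ruby with no Rails or CanCan, where one row grants one user one project and both the project list and a fetch by id go through the same deny-by-default scope. All class names, ids and sample rows are assumptions made up for illustration.

```ruby
# Added example: plain-Ruby model of a per-project permissions table.
# Every name and sample row here is constructed for illustration.
require "set"

Project    = Struct.new(:id, :client_id, :name)
Permission = Struct.new(:user_id, :project_id) # one row = one grant

class AccessDenied < StandardError; end

class AccessPolicy
  def initialize(projects, permissions, admin_ids)
    @projects  = projects
    @admin_ids = admin_ids.to_set
    # Index grants by user so each check is a set lookup.
    @grants = Hash.new { |hash, key| hash[key] = Set.new }
    permissions.each { |perm| @grants[perm.user_id] << perm.project_id }
  end

  # Listing starts from the user's grants, never from "all projects".
  def visible_projects(user_id)
    return @projects.dup if @admin_ids.include?(user_id)
    allowed = @grants.fetch(user_id, Set.new) # no rows => sees nothing
    @projects.select { |project| allowed.include?(project.id) }
  end

  # A direct fetch by id goes through the same scope, so an id typed
  # into a URL is treated exactly like a project that does not exist.
  def fetch_project(user_id, raw_id)
    id = Integer(raw_id, exception: false) # nil for non-numeric input
    project = visible_projects(user_id).find { |p| p.id == id }
    raise AccessDenied, "project not available" unless project
    project
  end
end

# Constructed sample data: user 10 is granted projects 1 and 3 only.
SAMPLE_POLICY = AccessPolicy.new(
  [Project.new(1, 100, "Website"), Project.new(2, 100, "Intranet"),
   Project.new(3, 200, "Mobile app")],
  [Permission.new(10, 1), Permission.new(10, 3)],
  [1] # user 1 is an admin
)

p SAMPLE_POLICY.visible_projects(10).map(&:name)
```

The point of routing `fetch_project` through `visible_projects` is that hiding a project from the list does not by itself stop a user from requesting its id directly.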