Advanced Role Permissions in Rails

Question

I have an app where there are different layers of permissions that can manage, or just simply create/view different objects. An example of my breakdown:

A host can view a reservation for a restaurant, and make an edit, but cannot create
A doorman can create a new reservation, and edit.
A customer service rep (on our side), can do pretty much everything.
A superadmin can do everything.

Is there a gem or mountable engine that I can use to take care of this? What would be the best practice?

yes use the combination of cancan and rolify gems – Rahul Singh Feb 02 '14 at 20:52 — Rahul Singh, Feb 02 '14 at 20:52

score 0 · Accepted Answer · answered Feb 02 '14 at 21:52

Cancan is a good choice but lately I've been looking at Pundit as a better alternative. In your case you would have something like this:

# app/policies/reservation_policy.rb
ReservationPolicy = Struct.new(:user, :reservation) do
  def create?
    user.service_rep? || user.doorman?
  end
end

Then in your controller:

# app/controllers/reservations_controller.rb
class ReservationsController < ApplicationController
  def create
    @reservation = Reservation.new(reservation_params)
    authorize @reservation
    @reservation.save

    respond_with(@reservation)
  end
end

This isn't tested and will need to be adapted to your exact situation but I hope it's a starting point.

Advanced Role Permissions in Rails

1 Answers1