I am trying to set different access control levels (3 levels in my app) for CRUD on a certain model. There is no User model in the app, because I use RPAM for authentication and the session for keeping track of the user. In order to set authorization levels, I created a model named user_role to assign a role to a username. In the DB, it looks like this:

 id | username |  role   
----+----------+---------
  1 | user1    | limited
  2 | admin    | admin
  3 | user2    | normal

I have a model defined like this:

class Treatment < ActiveRecord::Base
    has_many :user_roles
    attr_accessible :cust_id, :admission_time, :as=>:admin
    attr_accessible :customer_type, :as=>:limited
end

How could I build a hierarchical structure of roles: all the stuff that limited can do, admin can do also, but not the other way around?

swingfuture

1 Answer

Just do

attr_accessible :customer_type, :as=>[:admin, :limited]

and it'll cover for both roles.

airportyh
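
The hierarchy asked about in the question, together with the `:as => [...]` lists from the answer, as an added example in plain Ruby that is not code from either poster and needs no Rails: each role inherits the attributes of the roles below it, and an unknown role gets nothing. Placing `normal` between `limited` and `admin` with no attributes of its own is an assumption, and the helper names are hypothetical.

```ruby
# Added example: plain Ruby, no Rails required. Helper names are hypothetical;
# the attribute and role names are taken from the question.

# Roles from lowest to highest privilege. Placing :normal between the other
# two is an assumption; the question does not say what :normal may edit.
ROLE_ORDER = [:limited, :normal, :admin].freeze

# Attributes each role gains at its own level (not counting inherited ones).
OWN_ATTRS = {
  limited: [:customer_type],
  normal:  [],
  admin:   [:cust_id, :admission_time]
}.freeze

# Every attribute a role may mass-assign: its own plus those of lower roles.
# An unknown role gets an empty whitelist (fail closed).
def accessible_attrs(role)
  idx = ROLE_ORDER.index(role.to_s.to_sym)
  return [] if idx.nil?
  ROLE_ORDER[0..idx].flat_map { |r| OWN_ATTRS.fetch(r) }
end

# For each attribute, the roles to list in `:as => [...]`: the role that
# introduces it and every role above it.
def roles_per_attr
  ROLE_ORDER.each_with_index.each_with_object({}) do |(role, i), out|
    OWN_ATTRS.fetch(role).each { |attr| out[attr] = ROLE_ORDER[i..-1] }
  end
end

# Drop any submitted key the role is not allowed to set.
def sanitize(params, role)
  allowed = accessible_attrs(role).map(&:to_s)
  params.select { |k, _| allowed.include?(k.to_s) }
end

# Constructed sample input: a form submission trying to set extra fields.
if __FILE__ == $PROGRAM_NAME
  submitted = { "customer_type" => "vip", "cust_id" => 7, "role" => "admin" }
  p sanitize(submitted, :limited)  # only customer_type survives
  p sanitize(submitted, :admin)    # customer_type and cust_id survive
  p roles_per_attr
end
```

The role string stored in `user_roles` (for example `"admin"`) can be passed to `accessible_attrs` directly, since it is converted to a symbol before the lookup.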