I am building a Rails 3 app and I am working on a design for a sophisticated user permissions tool where a Company user determines specific roles for each PM.
Imagine this scenario – the Company wants to establish specific roles over three types of data.
- Project table
- Client table
- Corporate Account (i.e. Company table)
I am thinking of adding a Role polymorphic table with these fields:
- user_id (the user this role applies to, unless all_users == true)
- item type (such as “Project”, “Client”, or “Company”, unless all_items == true)
- item id (as above)
- role (such as “read”, “edit”, “destroy”, or even “custom”)
- all_users (boolean: does this item’s role apply to all users)
- all_items (boolean: does this user’s role apply to all items)
- company_id (the company who ‘owns’ this role)
I feel that CanCan would be a nice lean way of accomplishing this, but here are my questions:
1. Is the above table a good way to do this?
2. Could CanCan tie in with this to create an effective solution?
Your table seems like a sensible way to implement a very complicated authorization scheme, which seems to be what you’re after.
As far as CanCan goes, yes it will tie in perfectly with this. All CanCan does is provide you with the ability to define authorization on actions, models, etc. according to certain criteria. These criteria could be anything (e.g. day of the month, etc.) but are usually tied to roles. So all you’ll have to do is specify the authorization rights according to the information in your Role table and the specific model instance that is going to be evaluated.
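As an added illustration (not code from the question or the answer), this is how an `Ability` class could be built from the Role table described above. `MiniAbility` is a constructed stand-in for `CanCan::Ability` so the file runs without the gem, and the `Struct` models and sample rows are made up for the example; with the real gem the `can`/`can?` calls are the same.

```ruby
# Constructed stand-in for CanCan::Ability so this runs without the gem: `can` stores a rule
# (action, class, block) and `can?` evaluates it; :manage matches any action, as in CanCan.
# (The real gem also expands aliases such as :edit -> :update, which this stand-in skips.)
module MiniAbility
  def can(action, klass, &block)
    (@rules ||= []) << [action, klass, block]
  end

  def can?(action, item)
    (@rules || []).any? { |act, klass, blk| [action, :manage].include?(act) && item.is_a?(klass) && blk.call(item) }
  end
end

# Rows of the Role table from the question, plus the three item types it covers.
Role    = Struct.new(:user_id, :item_type, :item_id, :role, :all_users, :all_items, :company_id)
Project = Struct.new(:id, :company_id)
Client  = Struct.new(:id, :company_id)
Company = Struct.new(:id)
User    = Struct.new(:id, :company_id)
ITEM_TYPES   = { 'Project' => Project, 'Client' => Client, 'Company' => Company }.freeze
ROLE_ACTIONS = { 'read' => :read, 'edit' => :update, 'destroy' => :destroy }.freeze

class Ability
  include MiniAbility # with the gem: include CanCan::Ability

  def initialize(user, roles)
    # Only rows owned by the user's company and aimed at this user (or all_users) become
    # rules, so a role row from another company can never grant access here.
    roles.select { |r| r.company_id == user.company_id && (r.all_users || r.user_id == user.id) }
         .each { |r| grant(r, user) }
  end

  private

  def grant(role, user)
    action = ROLE_ACTIONS[role.role] or return  # 'custom' needs its own dedicated rule
    klass  = ITEM_TYPES.fetch(role.item_type)   # whitelist; never const_get on DB text
    can action, klass do |item|
      owner = item.is_a?(Company) ? item.id : item.company_id
      owner == user.company_id && (role.all_items || item.id == role.item_id)
    end
  end
end

# Constructed sample rows: read on one project, edit on every client for all users of
# company 100, and a destroy role that belongs to a different company.
SAMPLE_ROLES = [Role.new(1, 'Project', 10, 'read', false, false, 100),
                Role.new(nil, 'Client', nil, 'edit', true, true, 100),
                Role.new(1, 'Company', 200, 'destroy', false, false, 200)].freeze

def sample_ability
  Ability.new(User.new(1, 100), SAMPLE_ROLES)
end
```

Because these rules use blocks, CanCan can check individual records with `can?` but cannot turn them into SQL for `accessible_by`; index pages would need hash-condition rules (or an explicit SQL fragment) instead.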