
Custom RBAC with CanCan (or other plugin?)


I'm looking for a customized RBAC solution for an application I am making. The main difference from casual CanCan would be that the RBAC is not relying on a User model, but rather on some other models, totally custom.

For instance, a user belongs to a group and that group has roles that have specific permissions. That is, a User may belong to group 'workers' (he is a worker), where workers are able to 'fix stuff'.

What I would actually like to ask before implementing this is whether CanCan is able to do such a customized thing. Or if there is a better solution for designing a custom RBAC, a better plugin maybe?

NOTICE that this RBAC I'm trying to do has nothing to do with actual user authentication, but is just a way to use internal resources, like who is able to fix stuff, who is able to clean and so on...


Solution

  • CanCan cares very little about where permissions come from.

    Replace

    class Ability
      include CanCan::Ability
    
      def initialize(user)
        if user.has_role?(:foo)
          can :manage, :bars
        end
      end
    end
    

    with

    class Ability
      include CanCan::Ability
    
      def initialize(user)
        if user.group.has_role?(:foo)
          can :manage, :bars
        end
      end
    end
    

    And you have a group based system.
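
The group → roles → permissions chain from the question, carried through to ability rules, as an added example that is not part of the original answer or of CanCan itself. The `Permission`, `Role`, `Group` and `User` structs and the `MiniAbility` module are assumptions: `MiniAbility` is a small stand-in for the `can` / `can?` pair of `CanCan::Ability` so the block runs without the gem, and a user with no group gets no rules at all.

```ruby
# Added example: plain-Ruby stand-ins for the models (assumed names).
Permission = Struct.new(:action, :subject)
Role       = Struct.new(:name, :permissions)
Group      = Struct.new(:name, :roles)
User       = Struct.new(:name, :group)

# Minimal stand-in for CanCan::Ability's `can` / `can?` so this runs without
# the gem. In a Rails app, `include CanCan::Ability` instead.
module MiniAbility
  def can(action, subject)
    rules << [action, subject]
  end

  def can?(action, subject)
    rules.any? do |a, s|
      (a == :manage || a == action) && (s == :all || s == subject)
    end
  end

  private

  def rules
    @rules ||= []
  end
end

class Ability
  include MiniAbility

  def initialize(user)
    group = user&.group
    return if group.nil? # no group: no rules defined, so every check is denied

    group.roles.each do |role|
      role.permissions.each { |perm| can perm.action, perm.subject }
    end
  end
end

# Constructed sample data.
FIXER   = Role.new(:fixer, [Permission.new(:fix, :stuff)])
WORKERS = Group.new('workers', [FIXER])
ALICE   = User.new('alice', WORKERS)   # a worker
DRIFTER = User.new('drifter', nil)     # belongs to no group

def allowed?(user, action, subject)
  Ability.new(user).can?(action, subject)
end
```

Because rules are only ever added from the group's roles, removing a role from a group or a user from a group revokes the permission on the next `Ability.new`.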